From 95ec27c7cb155eb3421d6ea989418298a8fd7f58 Mon Sep 17 00:00:00 2001 From: Gareth Jones Date: Thu, 4 Dec 2025 08:29:53 +1300 Subject: [PATCH 1/9] ci: run `osv-linter` --- .github/workflows/ci.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dc638f81..59ec6da1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -36,6 +36,23 @@ jobs: persist-credentials: false - run: docker run -v $PWD:/src ghcr.io/google/osv-scanner:latest scan -r src + lint: + permissions: + contents: read # to fetch code (actions/checkout) + runs-on: ubuntu-latest + timeout-minutes: 15 + steps: + - name: Set up Go + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + with: + go-version: stable + check-latest: true + - run: git clone https://github.com/ossf/osv-schema /tmp/osv-schema + - run: go install ./cmd/osv + working-directory: /tmp/osv-schema/tools/osv-linter + + - run: osv-linter + ruff: permissions: contents: read # to fetch code (actions/checkout) From ab3663a1d53eae5fdd7db4120aaa92c610ff0a09 Mon Sep 17 00:00:00 2001 From: Gareth Jones Date: Thu, 4 Dec 2025 08:43:22 +1300 Subject: [PATCH 2/9] ci: cache go dependencies --- .github/workflows/ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 59ec6da1..a435cf2a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -42,12 +42,13 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 15 steps: + - run: git clone https://github.com/ossf/osv-schema /tmp/osv-schema - name: Set up Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: + cache-dependency-path: '/tmp/osv-schema/tools/osv-linter/go.sum' go-version: stable check-latest: true - - run: git clone https://github.com/ossf/osv-schema /tmp/osv-schema - run: go install ./cmd/osv working-directory: /tmp/osv-schema/tools/osv-linter 
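Review bot: In PATCH 1/9 the step `git clone https://github.com/ossf/osv-schema /tmp/osv-schema` leaves the linter unpinned: the job builds and runs whatever is on that repository's default branch, while the `actions/setup-go` step next to it is pinned to a full commit SHA. An upstream change, or a compromised upstream, then changes the code executed in this job without any diff in this repository, and lint results stop being reproducible; the job's `contents: read` permission limits the impact but does not remove it. I would add `git -C /tmp/osv-schema checkout <PINNED_OSV_SCHEMA_COMMIT_SHA>` right after the clone, with a comment naming the upstream revision, so that bumps go through review. The clone stays unpinned in PATCH 4/9 and PATCH 9/9; with the `--depth 1` added in 9/9 the pinned commit would have to be fetched by SHA rather than checked out from the shallow clone.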
From 599447f8929779ca6c8ba603f0c8d7e66d600ca8 Mon Sep 17 00:00:00 2001 From: Gareth Jones Date: Thu, 4 Dec 2025 08:45:04 +1300 Subject: [PATCH 3/9] ci: rework --- .github/workflows/ci.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a435cf2a..797fb84c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -49,10 +49,9 @@ jobs: cache-dependency-path: '/tmp/osv-schema/tools/osv-linter/go.sum' go-version: stable check-latest: true - - run: go install ./cmd/osv + - run: go build -o osv-linter ./cmd/osv working-directory: /tmp/osv-schema/tools/osv-linter - - - run: osv-linter + - run: /tmp/osv-schema/tools/osv-linter/osv-linter ruff: permissions: From 6fd91ce4866c3ab64fb9b02afe2dbb9b80d7b29c Mon Sep 17 00:00:00 2001 From: Gareth Jones Date: Thu, 4 Dec 2025 08:49:49 +1300 Subject: [PATCH 4/9] ci: be within workspace --- .github/workflows/ci.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 797fb84c..09a255be 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -42,16 +42,17 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 15 steps: - - run: git clone https://github.com/ossf/osv-schema /tmp/osv-schema + - run: git clone https://github.com/ossf/osv-schema - name: Set up Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - cache-dependency-path: '/tmp/osv-schema/tools/osv-linter/go.sum' + cache-dependency-path: 'osv-schema/tools/osv-linter/go.sum' go-version: stable check-latest: true - run: go build -o osv-linter ./cmd/osv - working-directory: /tmp/osv-schema/tools/osv-linter - - run: /tmp/osv-schema/tools/osv-linter/osv-linter + working-directory: osv-schema/tools/osv-linter + + - run: osv-schema/tools/osv-linter/osv-linter ruff: permissions: From c1dd844fc2351ad902b08f673bdc84ea426481d8 Mon Sep 17 00:00:00 2001 
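Review bot: In PATCH 3/9 the step `- run: /tmp/osv-schema/tools/osv-linter/osv-linter` invokes the freshly built binary with no subcommand or arguments, so the workflow does not say what it is meant to verify or which exit status is expected. If it is a smoke test of the build, say so with a step name such as `name: Check the linter binary runs`; if it was a placeholder for the real lint run, it should be dropped once that run exists. The step is kept with a relative path in PATCH 4/9 and still appears as context in PATCH 8/9, after PATCH 7/9 has added the actual `record lint` invocation.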
From: Gareth Jones Date: Thu, 4 Dec 2025 08:50:07 +1300 Subject: [PATCH 5/9] ci: clone the repository --- .github/workflows/ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 09a255be..bb698b92 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -54,6 +54,11 @@ jobs: - run: osv-schema/tools/osv-linter/osv-linter + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + with: + persist-credentials: false + - run: ls -aoh + ruff: permissions: contents: read # to fetch code (actions/checkout) From 1884d4d5b34c83bd9565c9d887a8dc62f842b363 Mon Sep 17 00:00:00 2001 From: Gareth Jones Date: Thu, 4 Dec 2025 08:55:46 +1300 Subject: [PATCH 6/9] ci: checkout repo within existing workspace --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bb698b92..1566fb50 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -56,6 +56,7 @@ jobs: - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: + path: drupal-advisory-database persist-credentials: false - run: ls -aoh From e51ae64a838d740cfe5c2a0f46778d012d563790 Mon Sep 17 00:00:00 2001 From: Gareth Jones Date: Thu, 4 Dec 2025 08:56:34 +1300 Subject: [PATCH 7/9] ci: run the linter --- .github/workflows/ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1566fb50..fdebc5d4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -58,7 +58,9 @@ jobs: with: path: drupal-advisory-database persist-credentials: false - - run: ls -aoh + - run: | + osv-schema/tools/osv-linter/osv-linter record lint --parallel 2 \ + drupal-advisory-database/advisories/ ruff: permissions: From 5fda7740bc8e2cae9e311301a776decb093bc0c7 Mon Sep 17 00:00:00 2001 
From: Gareth Jones Date: Thu, 4 Dec 2025 09:08:28 +1300 Subject: [PATCH 8/9] ci: add some comments --- .github/workflows/ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fdebc5d4..de6ac8ef 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -42,6 +42,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 15 steps: + # build the osv-linter from source - run: git clone https://github.com/ossf/osv-schema - name: Set up Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 @@ -54,6 +55,7 @@ jobs: - run: osv-schema/tools/osv-linter/osv-linter + # run the linter against our advisories - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: path: drupal-advisory-database From ed8bde61d13004b16b375a6f8ab16c3c9564025b Mon Sep 17 00:00:00 2001 From: Gareth Jones Date: Thu, 4 Dec 2025 10:12:25 +1300 Subject: [PATCH 9/9] ci: only clone the first commit --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index de6ac8ef..4bd24f40 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -43,7 +43,7 @@ jobs: timeout-minutes: 15 steps: # build the osv-linter from source - - run: git clone https://github.com/ossf/osv-schema + - run: git clone --depth 1 https://github.com/ossf/osv-schema - name: Set up Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: