From 7b1fdb3e7be667a602d1ac02d224c6f405ec25b0 Mon Sep 17 00:00:00 2001
From: Alex Nelson
Date: Fri, 21 Jun 2024 16:28:46 -0400
Subject: [PATCH] Start schedule-triggered supply-chain review

Disclaimer: Participation by NIST in the creation of the documentation of mentioned software is not intended to imply a recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that any specific software is necessarily the best available for the purpose.

Signed-off-by: Alex Nelson
---
.github/workflows/supply-chain.yml | 43 ++++++++++++++++++++++++++++++
Makefile | 17 +++++++++++-
2 files changed, 59 insertions(+), 1 deletion(-)
create mode 100644 .github/workflows/supply-chain.yml

diff --git a/.github/workflows/supply-chain.yml b/.github/workflows/supply-chain.yml
new file mode 100644
index 0000000..1f0c684
--- /dev/null
+++ b/.github/workflows/supply-chain.yml
@@ -0,0 +1,43 @@
+# Portions of this file contributed by NIST are governed by the
+# following statement:
+#
+# This software was developed at the National Institute of Standards
+# and Technology by employees of the Federal Government in the course
+# of their official duties. Pursuant to title 17 Section 105 of the
+# United States Code this software is not subject to copyright
+# protection and is in the public domain. NIST assumes no
+# responsibility whatsoever for its use by other parties, and makes
+# no guarantees, expressed or implied, about its quality,
+# reliability, or any other characteristic.
+#
+# We would appreciate acknowledgement if the software is used.
+
+# This workflow uses Make to review direct dependencies of this
+# repository.
+
+name: Supply Chain
+
+on:
+ schedule:
+ - cron: '15 5 * * 1,2,3,4,5'
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ python-version:
+ - '3.8'
+ - '3.9'
+
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Set up Python ${{ matrix.python-version }}
+ uses: actions/setup-python@v5
+ with:
+ python-version: ${{ matrix.python-version }}
+ - name: Review dependencies
+ run: make check-supply-chain
diff --git a/Makefile b/Makefile
index 64728d6..71f13af 100644
--- a/Makefile
+++ b/Makefile
@@ -20,6 +20,10 @@ endif all: +.PHONY: \ + check-mypy \ + check-supply-chain + .git_submodule_init.done.log: .gitmodules # Confirm dfxml_schema has been checked out at least once. test -r dependencies/dfxml_schema/dfxml.xsd \
@@ -33,11 +37,22 @@ clean: --directory tests \ clean -check: .git_submodule_init.done.log +check: \ + check-mypy $(MAKE) \ SHELL=$(SHELL) \ --directory tests \ check +check-mypy: \ + .git_submodule_init.done.log + $(MAKE) \ + SHELL=$(SHELL) \ + --directory tests \ + check-mypy + +check-supply-chain: \ + check-mypy + check-tools: (cd tests/misc_object_tests;make check)
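Review bot: The new workflow declares no `permissions:` block, so the job that runs `make check-supply-chain` receives the repository's default `GITHUB_TOKEN` scope while it presumably installs and executes third-party packages; a top-level `permissions:` with `contents: read` would limit that. In the `steps:` list, `actions/checkout@v4` and `actions/setup-python@v5` are referenced by movable tags. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`, means a retagged release cannot change what this scheduled job executes. Checkout also stores the token in the local git config by default, so `persist-credentials: false` under its `with:` is worth adding unless a later make step needs authenticated git access.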
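Review bot: The added `.PHONY` declaration lists only `check-mypy` and `check-supply-chain`, while `all`, `clean`, `check` and `check-tools` in the same Makefile are also command-style targets that name no output file. Unless they are declared phony in a part of the file outside these hunks, a stray file or directory with one of those names could make the target look up to date. Extending the list keeps them consistent, e.g. `.PHONY: all check check-mypy check-supply-chain check-tools clean`.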
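Review bot: `check-supply-chain` is added with `check-mypy` as its only prerequisite and no recipe or comment, so the scheduled "Supply Chain" job passes whenever the type check passes. Nothing in the Makefile says which dependency problem the target is meant to surface. A comment above the rule would document that, for example `# Run by the scheduled workflow against a freshly built environment; currently an alias for check-mypy.`, with the wording confirmed against what the `check-mypy` target under `tests/` actually installs. If the target is later meant to audit dependencies rather than only type-check against them, that step belongs in a recipe here so the job name matches what it verifies.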