Skip to content

Package vulnerability audit dec 2024 #1661

Package vulnerability audit dec 2024

Package vulnerability audit dec 2024 #1661

name: Markdown, Docker, and Shell Static Analysis
on: [push, pull_request, workflow_dispatch]
env:
MARKDOWNLINT_CONFIG: etc/static-analysis/markdownlint.json
HADOLINT_DOCKER: hadolint/hadolint:v2.12.0
SHELLCHECK_DOCKER: koalaman/shellcheck:v0.9.0
MARKDOWN_DOCKER: ghcr.io/igorshubovych/markdownlint-cli:v0.37.0
jobs:
docker-shell-markdown-static-analysis:
runs-on: ubuntu-22.04
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
steps:
- uses: actions/checkout@v4
- name: Pulling Docker containers
run: |
docker pull $HADOLINT_DOCKER
docker pull $SHELLCHECK_DOCKER
docker pull $MARKDOWN_DOCKER
- name: Dockerfile linting with Hadolint
run: |
while read -r file;
do
docker run --rm -i $HADOLINT_DOCKER < "$file"
done < <(find . -type f ! -path "*/node_modules/*" -name "Dockerfile" -print)
- name: Shellscript linting with ShellCheck
run: |
while read -r file;
do
docker run --rm -v "$PWD:/mnt" $SHELLCHECK_DOCKER --format=gcc "$file"
done < <(find . -type f ! -path "*node_modules/*" ! -path "*local/*" ! -path "*lib/*" ! -path "./.git/*" -name "*.sh" -print)
- name: Markdown linting with markdownlint-cli
run: |
while read -r file;
do
docker run -v $PWD:/workdir $MARKDOWN_DOCKER -i paper.md --config $MARKDOWNLINT_CONFIG "$file"
done < <(find . -type f ! -path "**/node_modules/*" ! -path "*local/*" ! -path "*lib/*" ! -path "**/.git/*" -name "*.md" -print)