EPSS fix (#108) #27
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release-Candidate | |
on: | |
push: | |
tags: | |
- "rc*" | |
permissions: | |
contents: read | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
env: | |
reportTemplate: 'report_template.html' | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 | |
with: | |
egress-policy: audit | |
- name: Checkout repo | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: Setup Node | |
uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2 | |
with: | |
working-directory: src/frontend-app | |
- name: Install dependencies | |
uses: bahmutov/npm-install@e5c7e14408aa6089501de32bd16123b41738047e # v1.10.2 | |
with: | |
working-directory: src/frontend-app | |
- name: Build project | |
run: | | |
cd src/frontend-app/ | |
npm run build | |
- name: Preparing report_template.html | |
run: | | |
{ | |
head -n -4 'src/frontend-app/dist/src/assets/app-template.html' | |
echo '' | |
cat 'src/frontend-app/dist/app.js' | |
echo '' | |
echo '</script>' | |
echo '</body>' | |
echo '</html>' | |
} >"$reportTemplate" | |
cat "$reportTemplate" | |
- name: Compress | |
run: tar -zcvf scan2html.tar.gz scan2html.sh "$reportTemplate" LICENSE release-candidate/plugin.yaml | |
- name: Install GPG | |
run: sudo apt-get install -y gnupg | |
- name: Configure GPG | |
run: | | |
mkdir -p ~/.gnupg | |
chmod 700 ~/.gnupg | |
echo "use-agent" > ~/.gnupg/gpg.conf | |
echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf | |
- name: Import GPG key | |
run: | | |
echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --yes --import | |
env: | |
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
- name: Sign the release file | |
run: | | |
gpg --batch --yes --pinentry-mode loopback --passphrase "${{ secrets.GPG_PASSPHRASE }}" --armor --detach-sign scan2html.tar.gz | |
env: | |
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
- name: Release | |
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 | |
with: | |
files: | | |
scan2html.tar.gz | |
scan2html.tar.gz.asc |