Skip to content

Commit ad6185c

Browse files
tony-josi-awstony-josi-aws
authored
Update GitHub Actions workflows as per security guidelines (#172)
* Update GitHub Actions workflows as per security guidelines * Fix link verification
1 parent 27edcd5 commit ad6185c

File tree

2 files changed

+16
-9
lines changed

2 files changed

+16
-9
lines changed

.github/workflows/release.yml

+15-8
Original file line numberDiff line numberDiff line change
@@ -36,15 +36,20 @@ jobs:
3636
git commit -m 'Update SBOM'
3737
git push -u origin ${{ github.event.inputs.version_number }}
3838
- name: Tag Commit and Push to remote
39+
env:
40+
VERSION_NUMBER: ${{ github.event.inputs.version_number }}
3941
run: |
40-
git tag ${{ github.event.inputs.version_number }} -a -m "coreJSON Library ${{ github.event.inputs.version_number }}"
42+
git tag "$VERSION_NUMBER" -a -m "coreJSON Library $VERSION_NUMBER"
4143
git push origin --tags
4244
- name: Verify tag on remote
45+
env:
46+
VERSION_NUMBER: ${{ github.event.inputs.version_number }}
47+
COMMIT_ID: ${{ github.event.inputs.commit_id }}
4348
run: |
44-
git tag -d ${{ github.event.inputs.version_number }}
49+
git tag -d "$VERSION_NUMBER"
4550
git remote update
46-
git checkout tags/${{ github.event.inputs.version_number }}
47-
git diff ${{ github.event.inputs.commit_id }} tags/${{ github.event.inputs.version_number }}
51+
git checkout tags/"$VERSION_NUMBER"
52+
git diff "$COMMIT_ID" tags/"$VERSION_NUMBER"
4853
create-zip:
4954
needs: tag-commit
5055
name: Create ZIP and verify package for release asset.
@@ -67,13 +72,15 @@ jobs:
6772
zip -r coreJSON-${{ github.event.inputs.version_number }}.zip coreJSON -x "*.git*"
6873
ls ./
6974
- name: Validate created ZIP
75+
env:
76+
VERSION_NUMBER: ${{ github.event.inputs.version_number }}
7077
run: |
7178
mkdir zip-check
72-
mv coreJSON-${{ github.event.inputs.version_number }}.zip zip-check
79+
mv coreJSON-"$VERSION_NUMBER".zip zip-check
7380
cd zip-check
74-
unzip coreJSON-${{ github.event.inputs.version_number }}.zip -d coreJSON-${{ github.event.inputs.version_number }}
75-
ls coreJSON-${{ github.event.inputs.version_number }}
76-
diff -r -x "*.git*" coreJSON-${{ github.event.inputs.version_number }}/coreJSON/ ../coreJSON/
81+
unzip coreJSON-"$VERSION_NUMBER".zip -d coreJSON-"$VERSION_NUMBER"
82+
ls coreJSON-"$VERSION_NUMBER"
83+
diff -r -x "*.git*" coreJSON-"$VERSION_NUMBER"/coreJSON/ ../coreJSON/
7784
cd ../
7885
- name: Build
7986
run: |

tools/coverity/README.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ see the [MISRA.md](https://github.com/FreeRTOS/coreJSON/blob/main/MISRA.md) file
1212

1313
## Getting Started
1414
### Prerequisites
15-
You can run this on a platform supported by Coverity. The list and other details can be found [here](https://sig-docs.synopsys.com/polaris/topics/c_coverity-compatible-platforms.html).
15+
You can run this on a platform supported by Coverity. The list and other details can be found [here](https://documentation.blackduck.com/bundle/coverity-docs/page/deploy-install-guide/topics/supported_platforms_for_coverity_analysis.html).
1616
To compile and run the Coverity target successfully, you must have the following:
1717

1818
1. CMake version > 3.13.0 (You can check whether you have this by typing `cmake --version`)

0 commit comments

Comments
 (0)