Update third-party rules as of 2024-12-23 #2274
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright 2024 Chainguard, Inc. | |
# SPDX-License-Identifier: Apache-2.0 | |
name: Code Style | |
permissions: | |
contents: read | |
on: | |
pull_request: | |
branches: | |
- "main" | |
push: | |
branches: | |
- "main" | |
jobs: | |
yrcompile: | |
name: check yr compile | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
with: | |
egress-policy: audit | |
- name: Check out code | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Install yara-x | |
run: | | |
wget https://github.com/VirusTotal/yara-x/releases/download/v0.10.0/yara-x-v0.10.0-x86_64-unknown-linux-gnu.gzip -O yara-x.gzip | |
tar -xzvf yara-x.gzip && mv yr /usr/local/bin/ && rm yara-x.gzip | |
- name: Verify yr installation | |
run: | | |
yr --version | |
- name: Run yr compile | |
run: | | |
yr compile rules/ | |
ret=$? | |
if [[ $ret -ne 0 ]]; then | |
echo "Rule compilation failed; address findings and commit the changes" | |
exit 1 | |
fi | |
yrfmt: | |
name: check yr fmt | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
with: | |
egress-policy: audit | |
- name: Check out code | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Install yara-x | |
run: | | |
wget https://github.com/VirusTotal/yara-x/releases/download/v0.10.0/yara-x-v0.10.0-x86_64-unknown-linux-gnu.gzip -O yara-x.gzip | |
tar -xzvf yara-x.gzip && mv yr /usr/local/bin/ && rm yara-x.gzip | |
- name: Verify yr installation | |
run: | | |
yr --version | |
- name: Run yr fmt | |
run: | | |
find rules -type f -name "*.yara" | xargs -n 1 -I {} yr fmt {} | |
if [[ -n $(git status -s) ]]; then | |
echo "Rule files updated; please run yr fmt locally and commit the changes" | |
exit 1 | |
fi | |
gofmt: | |
name: check gofmt | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
with: | |
egress-policy: audit | |
- name: Check out code | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Set up Go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version-file: go.mod | |
check-latest: true | |
- uses: chainguard-dev/actions/gofmt@9d943fc9889a0c0795e3c2bd4b949a9b610ac02e # main | |
with: | |
args: -s | |
goimports: | |
name: check goimports | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
with: | |
egress-policy: audit | |
- name: Check out code | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Set up Go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version-file: go.mod | |
check-latest: true | |
- uses: chainguard-dev/actions/goimports@9d943fc9889a0c0795e3c2bd4b949a9b610ac02e # main | |
golangci-lint: | |
name: golangci-lint | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Set up Go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version-file: go.mod | |
check-latest: true | |
- name: install libyara-dev | |
run: | | |
sudo apt update && sudo apt install libyara-dev -y | |
- name: golangci-lint | |
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 | |
with: | |
version: v1.62.0 | |
args: --timeout=5m | |