nomyo-ai/nomyo-js
2
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

.forgejo/workflows/nyxscanner.yml aktualisiert
All checks were successful
NYX Security Scan / nyx-scan (pull_request) Successful in 6m38s
Details

Browse source
This commit is contained in:
Alpha Nerd 2026-05-13 09:35:40 +02:00
parent efd30207e2
commit 6e2cab6143
1 changed files with 15 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

17
.forgejo/workflows/nyxscanner.yml
View file

@ -7,9 +7,6 @@ on:
jobs: jobs:
nyx-scan: nyx-scan:
runs-on: docker-amd64 runs-on: docker-amd64
permissions:
issues: write
pull-requests: write
steps: steps:
- name: Checkout PR - name: Checkout PR
@ -43,7 +40,7 @@ jobs:
continue-on-error: true continue-on-error: true
- name: Post findings as PR comment - name: Post findings as PR comment
if: always() if: steps.nyx.outcome == 'failure'
run: | run: |
FINDINGS=$(python3 -c " FINDINGS=$(python3 -c "
import json, sys import json, sys
@ -53,9 +50,6 @@ jobs:
results = data.get('runs', [{}])[0].get('results', []) results = data.get('runs', [{}])[0].get('results', [])
if not results:
body = '✅ NYX scan: no findings above threshold.'
else:
lines = [f'## 🔴 NYX found {len(results)} issue(s)\n'] lines = [f'## 🔴 NYX found {len(results)} issue(s)\n']
for r in results: for r in results:
level = r.get('level', '?') level = r.get('level', '?')
@ -66,15 +60,14 @@ jobs:
line = loc.get('region', {}).get('startLine', '?') line = loc.get('region', {}).get('startLine', '?')
col = loc.get('region', {}).get('startColumn', '?') col = loc.get('region', {}).get('startColumn', '?')
lines.append(f'- **{level.upper()}** \`{path}:{line}:{col}\` [{rule}] — {msg}') lines.append(f'- **{level.upper()}** \`{path}:{line}:{col}\` [{rule}] — {msg}')
body = '\n'.join(lines)
print(body) print('\n'.join(lines))
") ")
curl -s -X POST \ curl -sf -X POST \
-H "Authorization: token ${{ github.token }}" \ -H "Authorization: token ${{ secrets.FORGEJO_PUSH_TOKEN }}" \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
"https://bitfreedom.net/api/v1/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments" \ "https://bitfreedom.net/code/api/v1/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments" \
-d "{\"body\": $(python3 -c 'import json,sys; print(json.dumps(sys.stdin.read()))' <<< "$FINDINGS")}" -d "{\"body\": $(python3 -c 'import json,sys; print(json.dumps(sys.stdin.read()))' <<< "$FINDINGS")}"
- name: Fail if HIGH or above findings found - name: Fail if HIGH or above findings found