diff --git a/.forgejo/workflows/nyxscanner.yml b/.forgejo/workflows/nyxscanner.yml
index 7c9313f..2ee672c 100644
--- a/.forgejo/workflows/nyxscanner.yml
+++ b/.forgejo/workflows/nyxscanner.yml
@@ -6,39 +6,27 @@ on:
 jobs:
 nyx-scan:
- runs-on: docker-amd64 # eine Architektur reicht für SAST
+ runs-on: docker-amd64
 steps:
- - name: Checkout target repo
- uses: actions/checkout@v4
-
- - name: Checkout nyx from Forgejo mirror
- uses: actions/checkout@v4
- with:
- repository: apunkt/nyx
- # URL deiner Forgejo-Instanz:
- server_url: https://bitfreedom.net/code/
- ref: master
- path: .nyx-src
-
- - name: Install Rust
- uses: https://github.com/actions-rust-lang/setup-rust-toolchain@v1
- with:
- toolchain: stable
-
- - name: Build nyx from source
+ - name: Checkout PR
 run: |
- cd .nyx-src
- cargo build --release
- sudo cp target/release/nyx /usr/local/bin/nyx
+ git clone --depth=1 \
+ "https://oauth2:${{ github.token }}@bitfreedom.net/code/${{ github.repository }}.git" \
+ .
+ git fetch --depth=1 origin ${{ github.sha }}
+ git checkout ${{ github.sha }}
- - name: Run NYX scan
+ - name: Fetch action source
 run: |
- nyx scan --format sarif --fail-on MEDIUM > nyx-results.sarif
+ git clone --depth=1 --branch master \
+ "https://oauth2:${{ github.token }}@bitfreedom.net/code/nomyo-ai/actions.git" \
+ ./.nyx-action
- - name: Upload results
- if: always()
- uses: actions/upload-artifact@v4
+ - uses: ./.nyx-action/nyx-scan
 with:
- name: nyx-sarif-report
- path: nyx-results.sarif
\ No newline at end of file
+ forgejo_push_token: ${{ secrets.FORGEJO_PUSH_TOKEN }}
+ repository: ${{ github.repository }}
+ pr_number: ${{ github.event.pull_request.number }}
+ sha: ${{ github.sha }}
+ fail_on: HIGH
\ No newline at end of file
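Review bot: The action executed by `- uses: ./.nyx-action/nyx-scan` is fetched from the mutable `--branch master` of `nomyo-ai/actions` and is then handed `secrets.FORGEJO_PUSH_TOKEN`, so any future commit to that branch runs in this workflow with the push token and is never reviewed here; pin the fetched source to a reviewed commit, e.g. add `git -C ./.nyx-action checkout <PINNED_COMMIT_SHA>` (placeholder, fill in the reviewed commit) right after the clone. Both `git clone` calls also embed `${{ github.token }}` in the remote URL, which git persists in each clone's `.git/config`, so every later step, including the fetched action, can read the token from disk; after each clone run `git remote set-url origin "https://bitfreedom.net/code/${{ github.repository }}.git"` (and the equivalent URL without credentials for `./.nyx-action`), or remove the action checkout's `.git` directory before it is used. The `on:` trigger block and the beginning of the job lie outside the hunk, so whether `github.event.pull_request.number` is populated on every trigger that reaches this job (it expands to an empty value on non-PR events) cannot be checked from here.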