Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: add a scheduled audit workflow #3092

Merged
merged 1 commit into from
Oct 20, 2021
Merged

ci: add a scheduled audit workflow #3092

merged 1 commit into from
Oct 20, 2021

Conversation

yangby-cryptape
Copy link
Collaborator

What problem does this PR solve?

At present, CKB only checks security vulnerabilities when some one submits a pull request.

If no one submit a pull request, we couldn't know whether CKB has security vulnerabilities or not.

This PR add a scheduled audit workflow to check security vulnerabilities daily.
So we could know any security vulnerability in 24 hours after it became public.

Ref: https://github.com/actions-rs/audit-check#scheduled-audit

Check List

Tests

  • No code (skip ci)

Release note

None: Exclude this PR from the release note.

@yangby-cryptape yangby-cryptape added the t:ci Type: CI label Oct 13, 2021
@yangby-cryptape yangby-cryptape requested a review from a team as a code owner October 13, 2021 09:31
@yangby-cryptape
Copy link
Collaborator Author

Due to this bug: actions-rs/audit-check#163

Close temporarily, until the fix that.

@liya2017 liya2017 self-requested a review October 14, 2021 08:06
@doitian
Copy link
Member

doitian commented Oct 19, 2021

bors r=quake,liya2017

@yangby-cryptape
Copy link
Collaborator Author

bors retry

@bors
Copy link
Contributor

bors bot commented Oct 20, 2021

Build succeeded:

@bors bors bot merged commit a61d6f1 into nervosnetwork:develop Oct 20, 2021
@yangby-cryptape yangby-cryptape deleted the pr/scheduled-audit branch October 20, 2021 01:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liya2017 liya2017 liya2017 approved these changes

@quake quake quake approved these changes

@doitian doitian Awaiting requested review from doitian doitian is a code owner automatically assigned from nervosnetwork/ckb-dev

@chanhsu001 chanhsu001 Awaiting requested review from chanhsu001 chanhsu001 is a code owner automatically assigned from nervosnetwork/ckb-dev

Assignees
No one assigned
Labels
t:ci Type: CI
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@yangby-cryptape @doitian @quake @liya2017 @chanhsu001