e53a282fbe
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Manifest Integrity / Audit SHA256SUMS Files (push) Has been cancelled
Manifest Integrity / Validate Schema Integrity (push) Has been cancelled
Manifest Integrity / Validate Contract Documents (push) Has been cancelled
Manifest Integrity / Validate Pack Fixtures (push) Has been cancelled
Manifest Integrity / Verify Merkle Roots (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Signals CI & Image / signals-ci (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
Notify Smoke Test / Notify Unit Tests (push) Has been cancelled
Notify Smoke Test / Notifier Service Tests (push) Has been cancelled
Notify Smoke Test / Notification Smoke Test (push) Has been cancelled
- Introduced `NativeTestBase` class for ELF, PE, and Mach-O binary parsing helpers and assertions. - Created `TestCryptoFactory` for SM2 cryptographic provider setup and key generation. - Implemented `Sm2SigningTests` to validate signing functionality with environment gate checks. - Developed console export service and store with comprehensive unit tests for export status management.
126 lines
3.6 KiB
YAML
126 lines
3.6 KiB
YAML
name: Manifest Integrity
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
paths:
|
|
- 'docs/**/*.schema.json'
|
|
- 'docs/contracts/**'
|
|
- 'docs/schemas/**'
|
|
- 'scripts/packs/**'
|
|
pull_request:
|
|
paths:
|
|
- 'docs/**/*.schema.json'
|
|
- 'docs/contracts/**'
|
|
- 'docs/schemas/**'
|
|
- 'scripts/packs/**'
|
|
|
|
jobs:
|
|
validate-schemas:
|
|
name: Validate Schema Integrity
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '20'
|
|
|
|
- name: Install dependencies
|
|
run: npm install -g ajv-cli ajv-formats
|
|
|
|
- name: Validate JSON schemas
|
|
run: |
|
|
EXIT_CODE=0
|
|
for schema in docs/schemas/*.schema.json; do
|
|
echo "Validating $schema..."
|
|
if ! ajv compile -s "$schema" --spec=draft2020 2>/dev/null; then
|
|
echo "Error: $schema is invalid"
|
|
EXIT_CODE=1
|
|
fi
|
|
done
|
|
exit $EXIT_CODE
|
|
|
|
validate-contracts:
|
|
name: Validate Contract Documents
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Check contract structure
|
|
run: |
|
|
for contract in docs/contracts/*.md; do
|
|
echo "Checking $contract..."
|
|
# Verify required sections exist
|
|
if ! grep -q "^## " "$contract"; then
|
|
echo "Warning: $contract missing section headers"
|
|
fi
|
|
# Check for decision ID
|
|
if grep -q "Decision ID" "$contract" && ! grep -q "DECISION-\|CONTRACT-" "$contract"; then
|
|
echo "Warning: $contract missing decision ID format"
|
|
fi
|
|
done
|
|
|
|
validate-pack-fixtures:
|
|
name: Validate Pack Fixtures
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Setup Python
|
|
uses: actions/setup-python@v5
|
|
with:
|
|
python-version: '3.12'
|
|
|
|
- name: Install dependencies
|
|
run: pip install jsonschema
|
|
|
|
- name: Run fixture validation
|
|
run: |
|
|
if [ -f scripts/packs/run-fixtures-check.sh ]; then
|
|
chmod +x scripts/packs/run-fixtures-check.sh
|
|
./scripts/packs/run-fixtures-check.sh
|
|
fi
|
|
|
|
checksum-audit:
|
|
name: Audit SHA256SUMS Files
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Validate checksums
|
|
run: |
|
|
find . -name "SHA256SUMS" -type f | while read f; do
|
|
dir=$(dirname "$f")
|
|
echo "Validating checksums in $dir..."
|
|
cd "$dir"
|
|
# Check if all referenced files exist
|
|
while read hash file; do
|
|
if [ ! -f "$file" ]; then
|
|
echo "Warning: $file referenced in SHA256SUMS but not found"
|
|
fi
|
|
done < SHA256SUMS
|
|
cd - > /dev/null
|
|
done
|
|
|
|
merkle-consistency:
|
|
name: Verify Merkle Roots
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Check DSSE Merkle roots
|
|
run: |
|
|
find . -name "*.dsse.json" -type f | while read f; do
|
|
echo "Checking Merkle root in $f..."
|
|
# Extract and validate Merkle root if present
|
|
if jq -e '.payload' "$f" > /dev/null 2>&1; then
|
|
PAYLOAD=$(jq -r '.payload' "$f" | base64 -d 2>/dev/null || echo "")
|
|
if echo "$PAYLOAD" | jq -e '._stellaops.merkleRoot' > /dev/null 2>&1; then
|
|
MERKLE=$(echo "$PAYLOAD" | jq -r '._stellaops.merkleRoot')
|
|
echo " Merkle root: $MERKLE"
|
|
fi
|
|
fi
|
|
done
|