chore: fix security alerts (#1493)

https://github.com/project-zot/zot/security/code-scanning/4293

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
Ramkumar Chinchani 2023-06-01 16:53:50 -07:00 committed by GitHub
parent 96d00cd0ef
commit d9e5f33e7e
7 changed files with 22 additions and 19 deletions


@ -10,10 +10,7 @@ on:
- published
name: build-test
permissions:
contents: read
packages: write
permissions: read-all
jobs:
build-test:
@ -355,6 +352,9 @@ jobs:
if: github.event_name == 'release' && github.event.action== 'published'
needs: push-image
name: Update Helm Chart
permissions:
contents: write
packages: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
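Review bot: The new workflow-level `permissions: read-all` is broader than the `contents: read` it replaces, because it grants read on every scope (packages, issues, pull-requests, …) to every job that does not override it; the least-privilege default that still lets jobs check out code is `permissions:` followed by `contents: read`, with `packages: write` added only on the jobs that push. Only the Update Helm Chart job gains job-level writes in this hunk, while the `push-image` job it depends on (`needs: push-image`) is outside the hunk — if that job pushes to ghcr.io it now needs its own `packages: write`, since the workflow default no longer grants it. The same `read-all` default is introduced in the two other workflow hunks below and the note applies there as well. The job block continues past the end of the hunk.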


@ -10,6 +10,8 @@ on:
branches:
- main
permissions: read-all
jobs:
check-commit-message-style:
name: Check commit message style


@ -23,7 +23,7 @@ jobs:
- name: Install dependencies
run: |
cd $GITHUB_WORKSPACE
go install github.com/swaggo/swag/cmd/swag
go install github.com/swaggo/swag/cmd/swag@v1.8.12
go mod download
sudo apt-get update
sudo apt-get install libgpgme-dev libassuan-dev libbtrfs-dev libdevmapper-dev pkg-config rpm uidmap
@ -66,7 +66,7 @@ jobs:
- name: Install dependencies
run: |
cd $GITHUB_WORKSPACE
go install github.com/swaggo/swag/cmd/swag
go install github.com/swaggo/swag/cmd/swag@v1.8.12
go mod download
- name: Run sync harness
run: |
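Review bot: The pin `go install github.com/swaggo/swag/cmd/swag@v1.8.12` is now written twice in this workflow and a third time as the Makefile's `SWAGGER_VERSION := 1.8.12`, so the three copies can drift on the next bump; consider having these steps install swag through the Makefile, or at least keep the version in one place. Pinning the tag rather than leaving it floating is the right fix for the alert, and `go install` checks the downloaded module against the checksum database, but the Makefile copy lacks the `v` prefix the workflow uses and should be written identically. Both `Install dependencies` steps continue outside the hunk.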


@ -7,13 +7,14 @@ on:
- main
workflow_dispatch:
permissions:
contents: read
packages: write
permissions: read-all
jobs:
sync-golang:
name: 'golang'
permissions:
contents: read
packages: write
strategy:
matrix:
golang_version:
@ -34,6 +35,9 @@ jobs:
docker push ghcr.io/${{ github.repository_owner }}/golang:${{ matrix.golang_version }}
sync-trivy:
name: 'trivy-db'
permissions:
contents: read
packages: write
runs-on: ubuntu-latest
steps:
- name: Copy trivy-db using oras cli


@ -25,6 +25,7 @@ CRICTL_VERSION := v1.26.1
ACTION_VALIDATOR := $(TOOLSDIR)/bin/action-validator
ACTION_VALIDATOR_VERSION := v0.2.1
ZUI_VERSION := commit-05d5f74
SWAGGER_VERSION := 1.8.12
STACKER := $(TOOLSDIR)/bin/stacker
BATS := $(TOOLSDIR)/bin/bats
TESTDATA := $(TOP_LEVEL)/test/data
@ -203,7 +204,7 @@ check: ./golangcilint.yaml $(GOLINTER)
rm pkg/extensions/build/.empty
swagger/docs.go:
swag -v || go install github.com/swaggo/swag/cmd/swag@1.6.3
swag -v || go install github.com/swaggo/swag/cmd/swag@$(SWAGGER_VERSION)
swag init -o swagger -g pkg/api/routes.go
.PHONY: swagger
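Review bot: `swag -v || go install github.com/swaggo/swag/cmd/swag@$(SWAGGER_VERSION)` installs the pinned version only when no swag binary is on PATH at all, so a machine with an older swag already installed keeps generating docs with it and the new pin never takes effect; checking the reported version instead, e.g. `swag -v | grep -qF '$(SWAGGER_VERSION)' || go install github.com/swaggo/swag/cmd/swag@$(SWAGGER_VERSION)`, makes the pin enforceable (adjust the match if `swag -v` prints the version in another form). Separately, `SWAGGER_VERSION := 1.8.12` drops the `v` prefix that the workflow pins use (`@v1.8.12`); unless `go install` is known to resolve the unprefixed form, a clean machine would fail on this fallback, so `SWAGGER_VERSION := v1.8.12` keeps the two in step.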


@ -9,7 +9,8 @@
## Reporting a Vulnerability
When a vulnerability is found, please *DO NOT* file a public issue.
Instead, send an email to one of the core [maintainers](MAINTAINERS.md) and
await acknowledgement. Normally we expect to resolve the issue in 60 days.
However should there be an exception the team will reach out for next steps.
When a vulnerability is found, please *DO NOT* file a public issue. Instead,
send an email to one of the core [maintainers](MAINTAINERS.md) and await
acknowledgement _OR_ file a [private security issue](https://github.com/project-zot/zot/security/advisories).
Normally we expect to resolve the issue in 60 days. However should there be an exception
the team will reach out for next steps.


@ -49,11 +49,6 @@ linters-settings:
mnd:
checks: argument,case,condition,operation,return,assign
ignored-numbers: 10,64
gomoddirectives:
replace-allow-list:
- helm.sh/helm/v3
- github.com/spdx/tools-golang
- github.com/opencontainers/image-spec
issues:
exclude-rules:
- path: pkg/extensions/search/schema.resolvers.go