Auto update log_list.json and log_list.sig #1034

Workflow file for this run

	name: CI
	permissions:
	contents: read
	security-events: write

	on:
	push:
	branches:
	- main
	tags:
	- '*'
	pull_request:
	branches:
	- main

	jobs:

	validation:
	name: "Validation"
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: gradle/actions/wrapper-validation@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0

	mobsfscan:
	needs: [validation]
	name: "MobSF Code Scanning"
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: actions/[email protected]
	with:
	python-version: '3.12'
	- name: mobsfscan
	uses: MobSF/mobsfscan@main
	with:
	args: '. --sarif --output mobsfscan.sarif \|\| true'
	- name: Upload mobsfscan report
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: mobsfscan.sarif
	- uses: actions/upload-artifact@v4
	with:
	name: mobsfscan.sarif
	path: mobsfscan.sarif

	snyk:
	needs: [ validation ]
	name: "Snyk"
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- name: Download snyk
	run: \|
	curl -o ./snyk-linux https://downloads.snyk.io/cli/stable/snyk-linux && \
	curl -o ./snyk-linux.sha256 https://downloads.snyk.io/cli/stable/snyk-linux.sha256 && \
	sha256sum -c snyk-linux.sha256
	- name: Install snyk
	run: \|
	mv snyk-linux /usr/local/bin/snyk && \
	chmod +x /usr/local/bin/snyk
	- name: Execute snyk monitor
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	run: \|
	snyk monitor --prune-repeated-subdependencies --package-manager=gradle --file=certificatetransparency-android/build.gradle.kts \|\| (exit "$(($? == 1 ? 0 : $?))")
	- name: Execute snyk test
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	run: \|
	snyk test --sarif-file-output=snyk.sarif --prune-repeated-subdependencies --package-manager=gradle --file=certificatetransparency-android/build.gradle.kts \|\| (exit "$(($? == 1 ? 0 : $?))")
	- name: Upload snyk report
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: snyk.sarif
	- uses: actions/upload-artifact@v4
	with:
	name: snyk.sarif
	path: snyk.sarif
	retention-days: 1

	codeql-java-kotlin:
	needs: [ validation ]
	name: CodeQL (java-kotlin)
	runs-on: ubuntu-latest
	permissions:
	contents: read
	security-events: write
	packages: read

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	- uses: actions/setup-java@v4
	with:
	distribution: 'zulu'
	java-version: '17'

	- name: Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	languages: java-kotlin
	build-mode: autobuild
	config: \|
	packs:
	- codeql/java-queries:AlertSuppression.ql
	- codeql/java-queries:AlertSuppressionAnnotations.ql

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v3
	with:
	category: "/language:java-kotlin"

	- uses: actions/upload-artifact@v4
	with:
	name: codeql-java.sarif
	path: /home/runner/work/certificatetransparency/results/java.sarif
	retention-days: 1

	codeql-actions:
	needs: [ validation ]
	name: CodeQL (actions)
	runs-on: ubuntu-latest
	permissions:
	contents: read
	security-events: write
	packages: read

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	languages: actions
	build-mode: none

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v3
	with:
	category: "/language:actions"

	- uses: actions/upload-artifact@v4
	with:
	name: codeql-actions.sarif
	path: /home/runner/work/certificatetransparency/results/actions.sarif
	retention-days: 1

	build:
	needs: [ snyk, codeql-java-kotlin, codeql-actions, mobsfscan ]
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-java@v4
	with:
	distribution: 'zulu'
	java-version: '17'

	- name: Build with Gradle
	env:
	NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
	run: ./gradlew build --stacktrace

	- name: Upload reports
	if: failure()
	uses: actions/upload-artifact@v4
	with:
	name: test-results
	path: '/build/reports/'

	- name: Upload coverage to Codecov
	uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
	with:
	token: ${{secrets.CODECOV_TOKEN}}

	- name: Prepare tag properties
	run: \|
	echo "${{secrets.GPG_SIGNING_SECRET_KEY_RING_FILE_BASE64}}" > ~/.gradle/sonatype-appmattus-keys.gpg.b64
	base64 -d ~/.gradle/sonatype-appmattus-keys.gpg.b64 > ~/.gradle/sonatype-appmattus-keys.gpg
	echo "${{secrets.GPG_GRADLE_PROPERTIES}}" > ~/.gradle/gradle.properties
	if: startsWith(github.ref, 'refs/tags/')

	- name: Upload tag
	run: ./gradlew publishAllPublicationsToMavenCentral -Psigning.secretKeyRingFile=$(echo ~/.gradle/sonatype-appmattus-keys.gpg)
	if: startsWith(github.ref, 'refs/tags/')

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Auto update log_list.json and log_list.sig #1034

Workflow file

Auto update log_list.json and log_list.sig #1034

Uh oh!

Jobs

Run details

Workflow file for this run