Skip to content

Adding Fixed Advisory GHSA-8w49-h785-mj3c for py3-tornado (#9219) #18599

Adding Fixed Advisory GHSA-8w49-h785-mj3c for py3-tornado (#9219)

Adding Fixed Advisory GHSA-8w49-h785-mj3c for py3-tornado (#9219) #18599

Workflow file for this run

name: Validate
on:
pull_request:
branches:
- 'main'
push:
branches:
- gh-readonly-queue/main/**
permissions:
contents: read
jobs:
lint:
name: Validate
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
path: './wolfi-advisories'
- name: 'Clone Wolfi packages repository'
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: 'wolfi-dev/os'
fetch-depth: 0
path: './wolfi-packages'
ref: 'main'
- name: get fork point
id: fork-point
working-directory: ./wolfi-advisories
run: |
fork_point=$(git merge-base --fork-point refs/remotes/origin/${{ github.base_ref }} HEAD || git rev-parse HEAD)
echo "fork point will be $fork_point"
echo "fork_point=$fork_point" >> $GITHUB_OUTPUT
# this need to point to main to always get the latest action
- uses: wolfi-dev/actions/advisories-validate@main # main
with:
fork_point: ${{ steps.fork-point.outputs.fork_point }}
advisories-directory: './wolfi-advisories'
packages-directory: './wolfi-packages'
repository: ${{ github.repository }}
package-repo-url: 'https://packages.wolfi.dev/os'
token: ${{ secrets.GITHUB_TOKEN }}