-
Notifications
You must be signed in to change notification settings - Fork 131
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add review bot #341
base: main
Are you sure you want to change the base?
feat: add review bot #341
Conversation
f40b90f
to
9a5a55f
Compare
This looks like nice work! :-) How far are you planning to go with the automation? |
@steve-mcintyre What more could be possible? Ideas welcome! |
9a5a55f
to
6a683f8
Compare
Check the bug mentioned by @aronowski in v0.0.6. |
6a683f8
to
44e1a7b
Compare
Great job! Thanks! I'm also thinking about some more minor than major things that can be fairly easily implemented and add some quality of life improvements to the applicants' lives. For instance, some time ago I posted this comment and while I wouldn't even be able to express myself algorithmically in my natural language on how to implement something like an analyzer that prohibits using outdated upstream SBAT entries ( For instance, let the bot check for files that match the |
@aronowski I'm very excited! Thanks for the great idea. I'll think about how to implement it soon. |
44e1a7b
to
ea1d7e8
Compare
v0.0.7: patch list (sample: jc-lab/shim-review-bot#2 (comment)) |
ea1d7e8
to
ffbd729
Compare
path: /tmp/comment.txt | ||
write-mode: overwrite | ||
contents: ${{ github.event.comment.body }} | ||
- uses: jc-lab/[email protected] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A bit nitpick, but in the context of a security review I'd suggest pinning on to a - arguably less readable - commit id.
This is to ensure nobody would rewrite the tag on the - external - action repository and sneak in an altered/deceptive review.
I guess same issue with the write-file-action
and swap branch name to a commit id.
Close #340
See also #296 (comment)
Applying this workflow can be automatic review through comments.
It can automatically reproduce builds through Dockerfile and help with reviews.
See sample: jc-lab/shim-review-bot#2
Sample review directory: https://github.com/jc-lab/shim-review-bot/tree/master/sample-repo
(need pre-built efi, sbat.csv, vendor certificate, and Dockerfile.)