gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
4dbac421ab9400847fa1a44393b26b28fb38b052
clawsec/scripts/test-ghsa-poll-workflow.mjs
T
davida-ps 4dbac421ab feat(advisories): add provisional GHSA feed (#242) 
* feat(advisories): add provisional ghsa feed

* fix(workflows): include advisory signatures in checksums

* fix(workflows): mirror ghsa feed at release root

* feat(advisories): consolidate ghsa into agent feed

* ci(advisories): consolidate ghsa during nvd poll

* fix(advisories): retain unreplaced ghsa feed entries

* chore(skills): bump advisory feed consumers

* fix(release): resolve ts import closure dry run

* fix(release): preserve urls while stripping comments

* fix(release): ignore skill test-only changes

* fix(advisories): follow ghsa pagination links

* test(advisories): add nvd ghsa pipeline dry run
2026-05-24 21:41:59 +03:00

38 lines
1.2 KiB
JavaScript
Raw Blame History

import assert from 'node:assert/strict';
import { readFile } from 'node:fs/promises';
const workflowPath = new URL('../.github/workflows/poll-ghsa-without-cve.yml', import.meta.url);
const workflow = await readFile(workflowPath, 'utf8');
assert.match(workflow, /workflow_dispatch:/, 'GHSA poll workflow must remain runnable as a manual fallback');
assert.doesNotMatch(
workflow,
/\n\s+schedule:/,
'Scheduled GHSA consolidation belongs to the NVD workflow to avoid duplicate automated feed PRs',
);
assert.match(
workflow,
/FEED_PATH:\s+advisories\/feed\.json/,
'GHSA poll workflow must know the consolidated agent feed path',
);
assert.match(
workflow,
/SKILL_FEED_PATH:\s+skills\/clawsec-feed\/advisories\/feed\.json/,
'GHSA poll workflow must sync the consolidated agent feed into clawsec-feed',
);
assert.match(
workflow,
/--consolidated-feed "\$FEED_PATH"/,
'GHSA poll workflow must merge GHSA advisories into the agent-facing feed',
);
assert.match(
workflow,
/input_file: \$\{\{ env\.FEED_PATH \}\}/,
'GHSA poll workflow must sign the consolidated agent feed when it changes',
);
assert.match(
workflow,
/cp "\$FEED_SIG_PATH" "\$SKILL_FEED_SIG_PATH"/,
'GHSA poll workflow must sync consolidated feed signature into clawsec-feed',
);
Reference in New Issue View Git Blame Copy Permalink