-
-
Notifications
You must be signed in to change notification settings - Fork 511
98 lines (84 loc) · 2.8 KB
/
Copy pathbcos-example.yml
File metadata and controls
98 lines (84 loc) · 2.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# BCOS v2 Scan - Example Workflow for External Repos
#
# This is an EXAMPLE workflow showing how BCOS scanning will work
# once the bcos-action is published. It runs a lightweight inline
# check for now.
name: BCOS v2 Scan
on:
pull_request:
branches: [main]
workflow_dispatch:
inputs:
tier:
description: 'Certification tier (L0, L1, L2)'
required: false
default: 'L1'
type: choice
options:
- L0
- L1
- L2
jobs:
bcos-scan:
name: BCOS Trust Score
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: '3.11'
- name: Run BCOS Scan (inline)
id: bcos
run: |
# Inline BCOS scan until bcos-action is published
TIER="${{ inputs.tier || 'L1' }}"
echo "Running BCOS v2 scan at tier: $TIER"
SCORE=0
# Check 1: LICENSE exists
if [ -f LICENSE ] || [ -f LICENSE.md ]; then
echo " [PASS] LICENSE found"
SCORE=$((SCORE + 15))
else
echo " [FAIL] No LICENSE file"
fi
# Check 2: No secrets in repo
if ! grep -rn 'AKIA\|sk-\|ghp_\|-----BEGIN.*PRIVATE' --include='*.py' --include='*.js' --include='*.ts' . 2>/dev/null | grep -v '.github/'; then
echo " [PASS] No hardcoded secrets detected"
SCORE=$((SCORE + 20))
else
echo " [WARN] Possible secrets found"
fi
# Check 3: README exists
if [ -f README.md ] || [ -f README.rst ]; then
echo " [PASS] README found"
SCORE=$((SCORE + 10))
else
echo " [FAIL] No README"
fi
# Check 4: Has tests
if [ -d tests ] || [ -d test ]; then
echo " [PASS] Test directory found"
SCORE=$((SCORE + 15))
else
echo " [WARN] No test directory"
fi
# Check 5: CI configured
if [ -d .github/workflows ]; then
echo " [PASS] CI workflows found"
SCORE=$((SCORE + 10))
fi
echo "trust_score=$SCORE" >> "$GITHUB_OUTPUT"
echo ""
echo "BCOS Trust Score: $SCORE/100 (Tier: $TIER)"
- name: Summary
run: |
echo "### BCOS Scan Results" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "| Metric | Value |" >> $GITHUB_STEP_SUMMARY
echo "|----------|-------|" >> $GITHUB_STEP_SUMMARY
echo "| Trust Score | ${{ steps.bcos.outputs.trust_score }}/100 |" >> $GITHUB_STEP_SUMMARY
echo "| Tier | ${{ inputs.tier || 'L1' }} |" >> $GITHUB_STEP_SUMMARY