Skip to content

fix: Add APKAM private and publick key for Alice atSign #36

fix: Add APKAM private and publick key for Alice atSign

fix: Add APKAM private and publick key for Alice atSign #36

Workflow file for this run

name: static_analysis
# Runs the workflow on the below events:
# 1. on pull request raised to trunk branch.
# 2. on push event to trunk branch.
on:
push:
branches:
- trunk
pull_request:
branches:
- trunk
permissions: # added using https://github.com/step-security/secure-workflows
contents: read
jobs:
static_analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dart-lang/setup-dart@b64355ae6ca0b5d484f0106a033dd1388965d06d # v1.6.0
with:
sdk: stable
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: 'stable'
cache-dependency-path: tools/osv-scanner/go.sum
# Runs dart lint rules
- name: Install dependencies and run analyze - mwc_demo/dart/iot_sender
working-directory: ./mwc_demo/dart/iot_sender/
run: |
dart pub get
dart analyze
- name: Install dependencies and run analyze - at_notifications
working-directory: ./at_notifications/
run: |
dart pub get
dart analyze
- name: Install dependencies and run analyze - at_demo_data
working-directory: ./at_demo_data/
run: |
dart pub get
dart analyze
- name: Install dependencies and run analyze - at_data_share
working-directory: ./at_data_share/
run: |
dart pub get
dart analyze
# Runs osv-scanner to find any vulnerable Dart dependencies
# It needs to look at pubspec.lock files, which is why it's
# placed here, as the `dart pub get` above will create them
- name: Run osv-scanner
run: |
go install github.com/google/osv-scanner/cmd/osv-scanner@6316373e47d7e3e4b4fd3630c4bbc10987738de6 # v1.4.3
osv-scanner --lockfile=./mwc_demo/dart/iot_sender/pubspec.lock
osv-scanner --lockfile=./at_notifications/pubspec.lock
osv-scanner --lockfile=./at_demo_data/pubspec.lock
osv-scanner --lockfile=./at_data_share/pubspec.lock