Commit 8be7345

ci: Wire ASVS gate workflow on PRs targeting master
1 parent 73af32a commit 8be7345

2 files changed

Lines changed: 27 additions & 3 deletions

.github/workflows/asvs-gate.yml

Lines changed: 24 additions & 0 deletions
@@ -0,0 +1,24 @@
1+
name: OWASP ASVS gate
2+
3+
on:
4+
pull_request:
5+
branches: [master]
6+
types: [opened, synchronize, reopened]
7+
8+
permissions:
9+
contents: read
10+
pull-requests: read
11+
12+
jobs:
13+
asvs-checklist:
14+
runs-on: ubuntu-latest
15+
steps:
16+
- uses: actions/checkout@v6
17+
with:
18+
fetch-depth: 0
19+
20+
- name: Enforce ASVS re-affirmation on TLS code changes
21+
env:
22+
BASE_SHA: ${{ github.event.pull_request.base.sha }}
23+
HEAD_SHA: ${{ github.event.pull_request.head.sha }}
24+
run: .github/scripts/asvs-gate.sh
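
Review bot: the step `run: .github/scripts/asvs-gate.sh` executes the script from the pull request's own checkout, so a PR that edits `.github/scripts/asvs-gate.sh` also changes the check that judges it. Consider running the base branch's copy of the script (for example, checking out `BASE_SHA` into a separate path and invoking it from there) or requiring code-owner review for changes under `.github/`. Two smaller points in the same hunk: `actions/checkout@v6` is a mutable tag, and pinning to a full commit SHA is the safer form; and no token is passed to the script in `env`, so `pull-requests: read` looks unused and could be dropped to leave only `contents: read`.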

docs/superpowers/plans/2026-05-21-owasp-asvs.md

Lines changed: 3 additions & 3 deletions
@@ -382,7 +382,7 @@ SKIP=commitlint git commit -m "ci: Add ASVS re-affirmation gate script"
382382

383383
- Create: `.github/workflows/asvs-gate.yml`
384384

385-
- [ ] **Step 1: Write the workflow**
385+
- [x] **Step 1: Write the workflow**
386386

387387
Write `.github/workflows/asvs-gate.yml`:
388388

@@ -413,7 +413,7 @@ jobs:
413413
run: .github/scripts/asvs-gate.sh
414414
```
415415
416-
- [ ] **Step 2: Lint the workflow file**
416+
- [x] **Step 2: Lint the workflow file**
417417
418418
The repo has pre-commit hooks including yamllint. Run them against the new file:
419419
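
Review bot: Step 2 is ticked on the strength of the pre-commit run, but the context line names only yamllint, which checks YAML style and not GitHub Actions semantics (trigger keys, `permissions` scopes, `${{ }}` expressions). If no workflow-aware hook such as actionlint is among the repo's pre-commit hooks, add one, or record in the plan that the workflow was validated by an actual PR run against master.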
@@ -423,7 +423,7 @@ pre-commit run --files .github/workflows/asvs-gate.yml
423423

424424
Expected: all hooks pass.
425425

426-
- [ ] **Step 3: Commit**
426+
- [x] **Step 3: Commit**
427427

428428
```bash
429429
git add .github/workflows/asvs-gate.yml
