diff --git a/Dockerfile b/Dockerfile index 2c9ba8b..8da51b1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM haskell:9.6.3-buster AS build +FROM haskell:9.8.2-buster AS build RUN git clone https://github.com/haskell-actions/hlint-scan.git /src/hlint-scan WORKDIR /src/hlint-scan RUN stack install hlint hlint-scan:exe:hlint-scan && \ diff --git a/README.md b/README.md index 95ef6b2..48e23f8 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ for which code scanning will trigger a failed check. [status check]: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks -[adjust the alert severity]: https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#defining-the-alert-severities-that-give-a-check-failure-for-a-pull-request +[adjust the alert severity]: https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#defining-the-alert-severities-that-cause-a-check-failure-for-a-pull-request ### Inputs 
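Review bot: The build stage in the Dockerfile hunk still takes both of its inputs by mutable reference: `FROM haskell:9.8.2-buster` is a tag rather than a digest, and the unchanged `git clone` below it checks out whatever the default branch holds when the image is built, so the image published as v1.2.0 is not tied to the v1.2.0 source. Pinning the base as `FROM haskell:9.8.2-buster@sha256:<digest-placeholder>` and cloning a fixed ref such as `git clone --depth 1 --branch <release-tag> …` would make the build reproducible and auditable. The same applies to `image: docker://ghcr.io/haskell-actions/hlint-scan:v1.2.0` in the action.yaml hunk, where consumers resolve a tag that can be re-pushed. Separately, buster is past the end of Debian's own security support, so it is worth confirming that the final stage, which is outside this hunk, does not inherit from it.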
@@ -105,16 +105,12 @@ and Google specifically disclaims all warranties as to its quality, merchantability, or fitness for a particular purpose. -[Category]: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning#configuring-a-category-for-the-analysis +[Category]: https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#configuring-a-category-for-the-analysis -[GitHub code scanning]: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning +[GitHub code scanning]: https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning [HLint]: https://github.com/ndmitchell/hlint [HLint configuration file]: https://github.com/ndmitchell/hlint#customizing-the-hints -[haskell/actions/hlint-setup]: https://github.com/haskell/actions/tree/main/hlint-setup - -[haskell/actions/hlint-run]: https://github.com/haskell/actions/tree/main/hlint-run - -[write permission for `security-events`]: https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data +[write permission for `security-events`]: https://docs.github.com/en/rest/code-scanning/code-scanning?apiVersion=2022-11-28#upload-an-analysis-as-sarif-data diff --git a/action.yaml b/action.yaml index a779448..26e10ea 100644 --- a/action.yaml +++ b/action.yaml @@ -41,7 +41,7 @@ outputs: runs: using: docker - image: docker://ghcr.io/haskell-actions/hlint-scan:v1.1.0 + image: docker://ghcr.io/haskell-actions/hlint-scan:v1.2.0 args: - binary=${{ inputs.binary }} - path=${{ inputs.path }} diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 7abc02b..de7b96b 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md 
@@ -10,6 +10,11 @@ the [Haskell Package Versioning Policy]. ## Unreleased +## 1.2.0 - 2024-10-31 + +* Update to HLint v3.8. +* Update to LTS Haskell Stack `nightly-2024-10-21`. + ## 1.1.0 - 2023-12-08 * Update to LTS Haskell Stack and released version of HLint. diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md index 7a292b1..6d92434 100644 --- a/docs/CONTRIBUTING.md +++ b/docs/CONTRIBUTING.md @@ -33,7 +33,7 @@ for this purpose. ### Coding standards -[Hlint](https://github.com/ndmitchell/hlint) should report no issues, +[HLint](https://github.com/ndmitchell/hlint) should report no issues, and formatting should be according to [Ormolu](https://github.com/tweag/ormolu). Changes to code should include corresponding tests, which should ideally be property-based. diff --git a/docs/SECURITY.md b/docs/SECURITY.md index fcf6118..66480e3 100644 --- a/docs/SECURITY.md +++ b/docs/SECURITY.md @@ -4,9 +4,9 @@ | Version | Supported | | ------- | ------------------ | +| 1.2.0 | :white_check_mark: | | 1.1.0 | :white_check_mark: | -| 1.0.0 | :white_check_mark: | -| < 1.0 | :x: | +| < 1.1.0 | :x: | ## Reporting a Vulnerability diff --git a/package.yaml b/package.yaml index 01882b6..377594d 100644 --- a/package.yaml +++ b/package.yaml @@ -13,7 +13,7 @@ # limitations under the License. name: hlint-scan -version: 1.1.0 +version: 1.2.0 github: "haskell-actions/hlint-scan" license: Apache-2.0 author: "Yoo Chung" diff --git a/src/Fingerprint.hs b/src/Fingerprint.hs index 1c67983..bb7dae2 100644 --- a/src/Fingerprint.hs +++ b/src/Fingerprint.hs @@ -28,6 +28,7 @@ module Fingerprint (fill) where import Data.Aeson import Data.Aeson.KeyMap hiding (map) +import Data.Base64.Types (extractBase64) import Data.List (sort) import Data.Text (Text) import Data.Text qualified as Text 
@@ -125,7 +126,7 @@ toPartialFingerprint v = -- | Encode a list of optional text strings with Base64. encodeTextList :: [Maybe Text] -> Text -encodeTextList = encodeBase64 . Text.concat . map encodeItem +encodeTextList = extractBase64 . encodeBase64 . Text.concat . map encodeItem where encodeItem Nothing = ":" encodeItem (Just s) = s <> ":" diff --git a/src/Upload.hs b/src/Upload.hs index 9ec7116..872c48c 100644 --- a/src/Upload.hs +++ b/src/Upload.hs @@ -31,6 +31,7 @@ module Upload (toCall, toSettings, toOutputs) where import Codec.Compression.GZip import Data.Aeson import Data.Aeson.KeyMap qualified as KeyMap +import Data.Base64.Types (extractBase64) import Data.ByteString.Lazy (ByteString) import Data.ByteString.Lazy.Base64 import Data.String (fromString) @@ -75,7 +76,7 @@ toCall env sarifLog commitSha' = lookup "GITHUB_SHA" env ref' = lookup "GITHUB_REF" env workspace' = lookup "GITHUB_WORKSPACE" env - encodedSarif = encodeBase64 $ compress sarifLog + encodedSarif = extractBase64 . encodeBase64 $ compress sarifLog -- | Settings for calling the GitHub REST API. toSettings :: Maybe String -> GitHubSettings diff --git a/stack.yaml b/stack.yaml index e0e767c..a5b15ad 100644 --- a/stack.yaml +++ b/stack.yaml @@ -17,7 +17,7 @@ # https://docs.haskellstack.org/en/stable/yaml_configuration/ # Resolver to choose a 'specific' stackage snapshot or a compiler version. -resolver: lts-22.5 +resolver: nightly-2024-10-21 # User packages to be built. packages: diff --git a/test/UploadSpec.hs b/test/UploadSpec.hs index d6d20e7..144fb2d 100644 --- a/test/UploadSpec.hs +++ b/test/UploadSpec.hs @@ -24,6 +24,7 @@ module UploadSpec (spec) where import Codec.Compression.GZip (compress) import Data.Aeson hiding ((.:)) import Data.Aeson.KeyMap +import Data.Base64.Types (extractBase64) import Data.ByteString.Lazy.Base64 (encodeBase64) import Data.String (fromString) import Data.Text (Text) 
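Review bot: In the `encodeTextList` hunk of src/Fingerprint.hs, `encodeItem` joins fields with `:` without escaping, so the encoding is not injective: `Nothing` and `Just ""` both yield `":"`, and `[Just "a:b"]` and `[Just "a", Just "b"]` both yield `"a:b:"`. If any fingerprinted field can contain a colon, two different results could end up with the same partial fingerprint and be merged into one alert by code scanning. Length-prefixing each item, e.g. `encodeItem (Just s) = Text.pack (show (Text.length s)) <> ":" <> s`, with a distinct marker for `Nothing`, would remove the ambiguity. Doing so changes every existing fingerprint, so it needs a changelog entry. These lines are unchanged context, since the commit only adds `extractBase64`. If the format is kept, a comment on the `where` clause should state the assumption that fields never contain `:`.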
@@ -53,7 +54,7 @@ spec = do -- KeyValue is not instance of Eq show . endpointVals <$> call `shouldBe` Just (show ["repo" := repo]), extractSARIF . ghData <$> call - `shouldBe` Just (toStrict $ encodeBase64 $ compress output) + `shouldBe` Just (toStrict . extractBase64 . encodeBase64 . compress $ output) ] describe "toSettings" $ do
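Review bot: The expected value in this assertion is built with the same pipeline as the code under test, `toStrict . extractBase64 . encodeBase64 . compress $ output`, so the test passes for any behaviour the two sides share. A dependency upgrade like this one could change padding or alphabet without the test noticing. A stronger check would go the other way: Base64-decode the uploaded `sarif` value, decompress it, and assert that it equals `output`, which pins what the API actually receives. The enclosing `spec` starts and continues outside this hunk, so this applies only to the visible `extractSARIF` case.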