Skip to content

Commit

Permalink
Updated CI pipeline with new values and switched initial plank holder…
Browse files Browse the repository at this point in the history
… to be usncd
  • Loading branch information
jordangov committed Aug 1, 2024
1 parent bfc1709 commit cde0293
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 7 deletions.
6 changes: 4 additions & 2 deletions .github/workflows/check-submission.yml
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,9 @@ jobs:
- name: Check Submission
id: check_submission
run: >-
HASH_INPUT="${{ github.event.pull_request.user.login }}-${{ secrets.SALT1 }}-${{ secrets.SALT2 }}"; echo "Checking diff from ${{ github.event.pull_request.head.ref }} on ${{ github.event.pull_request.head.repo.full_name }}...";
HASH_INPUT="${{ github.event.pull_request.user.login }}-${{ secrets.PHRASE }}-${{ secrets.WG }}";
echo "Checking diff from ${{ github.event.pull_request.head.ref }} on ${{ github.event.pull_request.head.repo.full_name }}...";
SUBMISSION=`(diff target/plank-holders.md source/plank-holders.md || true) | awk '/\* @${{ github.event.pull_request.user.login }}/{ print $4 }'`;
CHECK=`echo -n "$HASH_INPUT" | openssl dgst -${{ secrets.ALGO }} | awk '/[a-z0-9]+/{ print $2 }'`;
Expand All @@ -41,7 +43,7 @@ jobs:
if [[ "$SUBMISSION" = "$CHECK" ]]; then
echo "Submission match"
echo "RESULT=pass" >> "$GITHUB_OUTPUT";
echo "MESSAGE='🤩 Wow, you are an open source hero! Find a volunteer with the special White House badge to claim your fame!'" >> "$GITHUB_OUTPUT";
echo "MESSAGE='🤩 Wow, you are an open source hero! Find a volunteer from the Office of the National Cyber Director (ONCD) and show them what you've done! (Note: you will need prove you own this GitHub account.)'" >> "$GITHUB_OUTPUT";
else
echo "Submission does not match"
echo "RESULT=fail" >> "$GITHUB_OUTPUT";
Expand Down
10 changes: 5 additions & 5 deletions plank-holders.md
Original file line number Diff line number Diff line change
@@ -1,15 +1,15 @@
# Open Source Software Security Plank Holders

This is the list of OSS Security "plank holders" - people who have committed themselves early on to supporting a secure and trustworthy open source software ecosystem. Add your name to the list below with your GitHub handle and the correct hash.
This is the list of OSS Security "plank holders": people who have committed themselves early on to supporting a secure and trustworthy open source software ecosystem.

## INSTRUCTIONS
## Want to add yourself to the list?

Fork this repository, add your name to the list below (**along with the correct hash**), and open a Pull Request to the upstream repository. Your hash is unique to you. Exactly how to generate the hash is the puzzle!
You can add your name to the list below with your GitHub handle and the correct, unique hash for your GitHub account. To do so, fork this repository, add your username and hash, and open a Pull Request to the upstream repository. Not sure how to generate the hash? Perhaps check with ONCD personnel at DEF CON 32!

> PRs will be evaluated automatically by our CI pipeline. In order to be added to the list, your PR **must pass the CI status check**.
> [//]: # (Do not allow: xz p0wner)
> [//]: # (Check for "open source software security initiative" members)
## Plank Holder List

* @whitehouse ae82cfd9e7b3916b2ef48ee7a2444dbb8922778988d02b3dbe87d28e223edd052929068d02e2d1761b648bf5ad157b4cde17d2d662abf19455bd93213e26d382
* @usncd e08a992f3c07dc80af45f33014d3931a6910a147b0281febe176b33d3039a042f34aa53bec0a2be0e1fe49cb7feca3f275583cf0ac29fde82fb7bc1a7f1baf8d

0 comments on commit cde0293

Please sign in to comment.