New blog post: Conan Github Action #285
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Uilian Ries <uilianries@gmail.com>
Signed-off-by: Uilian Ries <uilianries@gmail.com>
czoido
reviewed
Apr 21, 2025
czoido
reviewed
Apr 21, 2025
Signed-off-by: Uilian Ries <uilianries@gmail.com>
memsharded
approved these changes
Apr 21, 2025
| - **Conan Audit token:** The action allows you to specify a Conan Audit token, which can be used to authenticate with the Conan server. This is useful when you want to authenticate with a Audit server and scan your packages for vulnerabilities. Always use GitHub secrets to store your tokens and avoid exposing them in your workflow. | ||
| By default, the action will not use a Conan Audit token. | ||
|
|
||
| - **Configuration installation:** The action allows you to specify a list of URLs to install configuration files from. This is useful when you want to install profiles, settings, or other configuration files from a remote server. The action will download the files and install them in the Conan home folder, so you don't have to worry about managing them yourself. By default, the action will not install any configuration files. |
Member
There was a problem hiding this comment.
Maybe cite the conan config install/install-pkg command, so users can at least look it up in the Conan docs, otherwise, it might be a bit challenging to understand it (a link would be good, but not necessary if we don't want to spread the user attention)
Member
Author
There was a problem hiding this comment.
Added conan config command reference in the commit b277538
czoido
reviewed
Apr 21, 2025
czoido
reviewed
Apr 21, 2025
Co-authored-by: Carlos Zoido <mrgalleta@gmail.com>
czoido
reviewed
Apr 21, 2025
Signed-off-by: Uilian Ries <uilianries@gmail.com>
czoido
reviewed
Apr 21, 2025
czoido
reviewed
Apr 21, 2025
czoido
reviewed
Apr 21, 2025
| This workflow will run every night at 01:00 a.m. UTC and will install the latest version of Conan. | ||
| It will also scan the requirements and all the transitive dependencies listed in the `conanfile.py` for expected vulnerabilities and upload the report as an artifact. | ||
| The `conanfile.py` is expected to be present in the same repository. | ||
| Finally, it will check if there are any **high** severity vulnerabilities in the json result and fail the workflow if any are found. |
Contributor
There was a problem hiding this comment.
What do you think about showing a portion of the generated JSON and adding a bit more detail about how to use jq? To me, the post ends a bit abruptly.
Member
Author
There was a problem hiding this comment.
Add a JSON content with more information in the commit 8b09bce
Co-authored-by: Carlos Zoido <mrgalleta@gmail.com>
Signed-off-by: Uilian Ries <uilianries@gmail.com>
Signed-off-by: Uilian Ries <uilianries@gmail.com>
Signed-off-by: Uilian Ries <uilianries@gmail.com>
Signed-off-by: Uilian Ries <uilianries@gmail.com>
Member
Author
|
@czoido @memsharded Thank you for your review! I just applied your suggestions, the PR is ready for another round. |
czoido
approved these changes
Apr 21, 2025
Signed-off-by: Uilian Ries <uilianries@gmail.com>
Signed-off-by: Uilian Ries <uilianries@gmail.com>
AbrilRBS
reviewed
Apr 21, 2025
Co-authored-by: Abril Rincón Blanco <5364255+AbrilRBS@users.noreply.github.com>
Co-authored-by: Abril Rincón Blanco <5364255+AbrilRBS@users.noreply.github.com>
Co-authored-by: Abril Rincón Blanco <5364255+AbrilRBS@users.noreply.github.com>
Co-authored-by: Abril Rincón Blanco <5364255+AbrilRBS@users.noreply.github.com>
Co-authored-by: Abril Rincón Blanco <5364255+AbrilRBS@users.noreply.github.com>
Co-authored-by: Abril Rincón Blanco <5364255+AbrilRBS@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hello!
This blog post is intended to present the new GitHub Action for Conan.
My first idea is to present the tool, some features supported, and a small example. Please, take a look to see if we could use another approach.
Preview based on the commit b7c78db