diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 8d4cd4d..2923a17 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -31,17 +31,29 @@ jobs: path: pan-chainguard token: ${{ secrets.GITHUB_TOKEN }} - - name: CCADB - continue-on-error: false + - name: Download DBs run: | curl -sOJ --output-dir latest-certs https://ccadb.my.salesforce-sites.com/ccadb/AllCertificateRecordsCSVFormatv2 curl -sOJ --output-dir latest-certs https://ccadb.my.salesforce-sites.com/mozilla/MozillaIntermediateCertsCSVReport curl -sOJ --output-dir latest-certs https://ccadb.my.salesforce-sites.com/mozilla/PublicAllIntermediateCertsWithPEMCSV mv latest-certs/certificates-new.tgz latest-certs/certificates-old.tgz + ls -l latest-certs + + - name: Sprocket + run: | pan-chainguard/bin/sprocket.py --verbose --ccadb latest-certs/AllCertificateRecordsReport.csv --fingerprints latest-certs/root-fingerprints.csv --policy latest-certs/policy.json + + - name: Chain + run: | pan-chainguard/bin/chain.py --verbose -c latest-certs/AllCertificateRecordsReport.csv -r latest-certs/root-fingerprints.csv -i latest-certs/intermediate-fingerprints.csv --tree latest-certs/certificate-tree.json + + - name: Chainring + run: | pan-chainguard/bin/chainring.py --tree latest-certs/certificate-tree.json --format html > latest-certs/certificate-tree.html pan-chainguard/bin/chainring.py --tree latest-certs/certificate-tree.json --format json > latest-certs/certificate-tree.json + + - name: Link + run: | pan-chainguard/bin/link.py --verbose -f latest-certs/root-fingerprints.csv -f latest-certs/intermediate-fingerprints.csv -m latest-certs/MozillaIntermediateCerts.csv -m latest-certs/PublicAllIntermediateCertsWithPEMReport.csv --certs-old latest-certs/certificates-old.tgz --certs-new latest-certs/certificates-new.tgz - name: commit files