6 Apr 2021 |
proletarius101 | In reply to @rdfg77:kde.org I thought it's time to include c# apps. We don't build ndk, sdk, RN or flutter. Why must we build c#? Just in case you are interested in working on it: https://gitlab.com/fdroid/fdroiddata/-/issues/1529 | 08:24:53 |
proletarius101 | In reply to @rdfg77:kde.org But it should be optional. The current issue bot is too noisy. I thought that scan can be triggered by a command, e.g. /scan. I believe it should be a report json that could be parsed by the ci widget. That way it only shows the latest report (and you can find reports for each pipeline too). This can also be contributed to GitLab, such that more people will be benefited | 08:28:14 |
proletarius101 | We may also investigate the relationship between the scanner and exodus | 08:32:30 |
proletarius101 | Or mobsf | 08:32:49 |
@rdfg77:kde.org | In reply to @proletarius101:matrix.org Just in case you are interested in working on it: https://gitlab.com/fdroid/fdroiddata/-/issues/1529 I'm interested but have no idea how to do that. | 08:34:01 |
proletarius101 | In reply to @rdfg77:kde.org I'm interested but have no idea how to do that. Basically the build env setup is in the dockerfile I referred to. Then you just don't build in the app projects, as they do in their ci | 08:35:50 |
proletarius101 | * Basically the build env setup is in the dockerfile I referred to. Then you just dotnet build in the app projects, as they do in their ci | 08:36:22 |
@rdfg77:kde.org | I'd like to have a try, if I have more time.😅 | 08:38:36 |
proletarius101 | In reply to @rdfg77:kde.org I'd like to have a try, if I have more time.😅 Haha same for me 😂 | 08:39:14 |
@rdfg77:kde.org | Anyway, if no one does that, I'll find time finally. | 08:40:32 |
jochensp | _hc: (re server !896) you could have changed the MR and then merge it ;) | 09:05:53 |
_hc | I saw it after I made my mr | 09:06:11 |
jochensp | Ah, ok | 09:06:44 |
jochensp | Can you add a comment why we need that commit I'd? | 09:07:14 |
jochensp | *id | 09:07:18 |
_hc | ok | 09:10:26 |
_hc | linsui: it would be great to have issuebot post reports that the GitLab CI interface can display. issuebot already generates JSON, | 09:16:04 |
_hc | so it would mostly be a matter of figuring out what format to output the JSON, and where | 09:16:16 |
_hc | oops proletarius101 proposed the GitLab CI report showing | 09:17:16 |
_hc | d!1529 | 09:17:51 |
[gibot] | [data] !1529: de.live.gdev.* metadata updated - https://gitlab.com/fdroid/fdroiddata/merge_requests/1529 | 09:17:52 |
proletarius101 | In reply to @eighthave:matrix.org so it would mostly be a matter of figuring out what format to output the JSON, and where Oh, and that's easy. Probably the JUnit format: https://docs.gitlab.com/ee/ci/unit_test_reports.html | 09:18:25 |
_hc | you'll have to take non-junit output and fit it into junit reports | 09:18:55 |
_hc | I guess that's easy for the pass/fail parts of scanning | 09:19:17 |
proletarius101 | Yeah | 09:19:25 |
proletarius101 | linsui: Oh he's not in charge of standard notes now: https://github.com/standardnotes/mobile/issues/292#issuecomment-813967203 | 09:24:34 |
proletarius101 | In reply to @eighthave:matrix.org I guess that's easy for the pass/fail parts of scanning A second thought: it should rather be a SAST report. The gitlab SAST report should really be more extensive rather than a list: https://gitlab.com/proletarius101/fdroidclient/-/pipelines/271784184/security | 09:27:56 |
jochensp | _hc: thanks for the developer proposal, I opened https://gitlab.com/fdroid/admin/-/issues/213 | 09:31:31 |
izzy | linsui: shouldn't be that difficult. It's basically reading (and matching) 2 YAML files, then creating smali code of the APK using Apktool and scanning the resulting directory structure for matches. | 09:59:12 |
izzy | Maybe that could even be added to whatever scanapk already does. | 09:59:32 |