.gitlab-ci.yml: Use freedesktop-sdk CVE generation utility scripts (!2873) · Merge requests · GNOME / gnome-build-meta

Neill Whillans requested to merge neill/cve-gen-freedesktop into master May 08, 2024

This request aims to make use of the freedesktop-sdk utility scripts for CVE report generation, namely utils/generate_cve_report.py and utils/update_local_cve_database.py. These will be available within gnome-build-meta once the freedesktop-sdk version used in gnome-build-meta contains https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/merge_requests/19389. Until then, the functionality is obtained through the patch provided by this request.

The request also adds CVE report generation for both vm and vm-secure.

For each build of master a new utility was created to download the CVE report artifacts of the supported stable builds, and along with the CVE reports for 'master', placed in the Gitlab Pages /public folder. For example,

    https://gnome.pages.gitlab.gnome.org/gnome-build-meta/master/cve-reports/sdk.html
or,
    https://gnome.pages.gitlab.gnome.org/gnome-build-meta/gnome-45/cve-reports/platform.html

Another utility was created to generate the html for a single Release Contents page, that provides links to the CVE reports for each of the supported branches. This is also placed in the /public Gitlab POages folder, available at the following URL:

https://gnome.pages.gitlab.gnome.org/gnome-build-meta/release-contents.html

Edited May 20, 2024 by Neill Whillans

.gitlab-ci.yml: Use freedesktop-sdk CVE generation utility scripts

Merge request reports