GitHub ActionsͰ DevSecOpsͬ͜͝ June 13, 2022 ୈ5ճLTձ Akira Moroo (@retrage)

GitHub Actions (GHA) • GitHubʹ౷߹͞Ε͍ͯΔ • ઃఆϑΝΠϧΛ഑ஔ͢Δ͚ͩ • ߏ଄Խ͞Ε͍ͯΔ • ࠷খ୯Ґ: step • ίϚϯυ࣮ߦ or action࣮ߦ • action͸ࣗ࡞Մೳ CI/CDαʔϏεͷ1ͭ Job Work f low Step

actionͷ࡞Γํ • GitHubϦϙδτϦ௚Լʹ action.yamlΛ഑ஔ • action.yaml: actionΛఆٛ • ೖྗ (■) • ग़ྗ (■) • ࣮ߦޙͷstepͰࢀরՄೳ • ࣮ߦํ๏ (■) Yamlϙϯஔ͖Ͱ؆୯

actionͷछྨ ࣮ߦํ๏ʹΑͬͯ3छྨʹ෼͚ΒΕΔ • JavaScript action: JavaScriptͷΈͰهड़ • Docker container action: ίϯςφΛ࣮ߦ • Composite action: ࠶ར༻ՄೳͳGHA work f low (stepͷू·Γ) • Docker container action͕Ұ൪ࣗ༝౓͕ߴ͍: • 👉 ؀ڥΛด͡ࠐΊͯ͋͛Ε͹͓खܰʹDevSecOpsͬ͜͝Ͱ͖ͦ͏

Actionࣗ࡞ͯ͠Έͨ • ࣗ࡞UEFI SMM੩తղੳGhidraϓ ϥάΠϯΛར༻ • non-GUI GhidraΛ࣮ߦ • ೖྗ (■): ղੳର৅ͷόΠφϦ • ग़ྗ (■): ղੳ݁Ռ • ࣮ߦํ๏ (■): Docker container

Actionࣗ࡞ͯ͠Έͨ • ೖྗ (■) ͸όΠφϦ͚ͩ • ϓϩϓϥͰ΋OK • ग़ྗ (■) ͸JUnit XML format • ղੳ݁Ռͷ࠶ར༻ੑ޲্ • ӈͷྫͰ͸ղੳ݁ՌΛطଘ ͷactionʹ౉͍ͯ͠Δ (■) ޻෉ϙΠϯτ

Actionࣗ࡞ͯ͠Έͨ: ղੳ݁Ռྫ ղੳ݁ՌͷJUnit XML formatग़ྗ ݕग़ͨ݁͠ՌΛΤϥʔͱͯ͠ใࠂ

Actionࣗ࡞ͯ͠Έͨ: ղੳ݁Ռྫ JUnit XML formatͰग़ྗ͢Δ͜ͱͰۤ࿑ͤͣʹղੳ݁ՌΛCIʹ૊ΈࠐΊͨ

Actionࣗ࡞ͯ͠Έͨ: վળ఺ • ݡ͘ղੳ݁ՌΛग़ྗ͍ͨ͠ • ࠓճ͸ղੳϩάΛPythonͰύʔεͯ͠ແཧ΍ΓJUnit XML formatʹม׵ • ϓϥάΠϯ͕௚઀JSON/XMLΛग़ྗ͢Δ΂͖ • ·ͱ΋ͳόΠφϦͷղੳ݁Ռදࣔػೳ͕΄͍͠ • JUnit XML format΋GHA΋ίʔυͷߦͱྻϨϕϧͷΞϊςʔγϣϯͷΈ • ؤுͬͯΤϥʔʹٯΞηϯϒϧ݁ՌΛදࣔ͢Δ͔͠ͳ͍

·ͱΊ • GitHub Actions͸GitHubʹ౷߹͞ΕͨCI/CDαʔϏε • GHAͷaction͸؆୯ʹࣗ࡞Մೳ • Action͸3छྨ͋Δ͕ɺDocker container action͕Ұ൪ࣗ༝౓͕ߴ͍ • ࣗ࡞UEFI SMM੩తղੳGhidraϓϥάΠϯͷactionΛ࡞ͬͯΈͨ • JUnit XML formatͰग़ྗ͢Δ͜ͱͰղੳ݁Ռͷ࠶ར༻ੑ͕ߴ͘ͳͬͨ • ݱঢ়Ͱ͸όΠφϦͷղੳ݁Ռදࣔ͸޻෉͕ඞཁ