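# SPDX-License-Identifier: PMPL-1.0-or-later
#
# Checks that the repository ships a SECURITY.md containing the expected
# sections and a security contact address. Triggered by pull requests that
# touch SECURITY.md or this workflow, and by pushes to main that touch
# SECURITY.md.
name: Security Policy Validation

on:  # yamllint disable-line rule:truthy
  pull_request:
    paths:
      - 'SECURITY.md'
      - '.github/workflows/security-policy.yml'
  push:
    branches: [main]
    paths:
      - 'SECURITY.md'

# Least privilege: the workflow token is read-only for every job here, and
# the single job below narrows it to repository contents only.
permissions: read-all

jobs:
  validate-security-policy:
    name: Validate SECURITY.md
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # Pinned to a full commit SHA rather than a mutable tag, so the action
      # code cannot change underneath this workflow.
      - name: Checkout repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

      - name: Check SECURITY.md exists
        run: |
          if [ ! -f "SECURITY.md" ]; then
            echo "ERROR: SECURITY.md is required"
            exit 1
          fi

      - name: Validate content
        run: |
          # Section checks are advisory: a missing section prints a warning
          # but does not fail the job. Matching is case-insensitive and
          # substring-based, so it does not verify heading structure.
          for section in "Supported Versions" "Reporting" "Security"; do
            if ! grep -qi "$section" SECURITY.md; then
              echo "WARNING: SECURITY.md should contain '$section' section"
            fi
          done
          # The contact address is mandatory. The dot is escaped so the ERE
          # matches the literal address instead of any single character.
          if ! grep -qE "security@|jonathan\.jewell@" SECURITY.md; then
            echo "ERROR: SECURITY.md should contain security contact email"
            exit 1
          fi
          echo "SECURITY.md validation passed"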