Skip to content

Implement leak checker in daemon #3928

Implement leak checker in daemon

Implement leak checker in daemon #3928

---
name: Verify lockfile signatures
on:
pull_request:
paths:
- .github/workflows/verify-locked-down-signatures.yml
- .github/CODEOWNERS
- Cargo.toml
- test/Cargo.toml
- Cargo.lock
- test/Cargo.lock
- deny.toml
- test/deny.toml
- desktop/package-lock.json
- wireguard-go-rs/libwg/go.sum
- ci/keys/**
- ci/verify-locked-down-signatures.sh
- ios/MullvadVPN.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved
- android/gradlew
- android/gradlew.bat
- android/gradle/verification-metadata.xml
- android/gradle/wrapper/gradle-wrapper.jar
- android/gradle/wrapper/gradle-wrapper.properties
- building/build-and-publish-container-image.sh
- building/mullvad-app-container-signing.asc
- building/linux-container-image.txt
- building/android-container-image.txt
- building/sigstore/**
permissions: {}
jobs:
verify-signatures:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Verify signatures
run: |-
base_ref=${{ github.event.pull_request.base.sha }}
head_ref=${{ github.event.pull_request.head.sha }}
git fetch --no-recurse-submodules --shallow-exclude=main origin main $base_ref $head_ref
git fetch --deepen=1
ci/verify-locked-down-signatures.sh --import-gpg-keys --whitelist origin/main