Skip to content

ci: set a dummy QSEAL_SECRET for the test jobs (fail-closed allow-pat… #84

ci: set a dummy QSEAL_SECRET for the test jobs (fail-closed allow-pat…

ci: set a dummy QSEAL_SECRET for the test jobs (fail-closed allow-pat… #84

Workflow file for this run

name: ClawZero Security Scan
on:
push:
pull_request:
jobs:
security:
runs-on: ubuntu-latest
env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
permissions:
contents: read
security-events: write
steps:
- uses: actions/checkout@v5
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: "3.11"
- name: Install ClawZero (current commit)
run: |
python -m pip install --upgrade pip
pip install -e .
- name: Run security scan
run: |
clawzero demo openclaw \
--mode compare \
--scenario shell \
--output-dir witnesses/
clawzero report sarif \
--input witnesses/ \
--output results.sarif
- name: Upload to GitHub Security
uses: github/codeql-action/upload-sarif@v4
continue-on-error: true
with:
sarif_file: results.sarif