Created
February 10, 2022 21:27
-
-
Save hxtree/e281c8a64a898724a7b3d6262a6545bd to your computer and use it in GitHub Desktop.
Codacy Checksum Verification
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Codacy Curl Bashing Checksum Verification Script | |
| # https://blog.aquasec.com/codecovs-breach-supply-chain-attack | |
| SHA256=$(curl -sSL https://coverage.codacy.com/get.sh | sha256sum) | |
| CHECKSUM='28dc671cdf1038f1c95cf2dbcb4ef6ae127a243d99d0b131d4600f8b4e3e91428 *-' | |
| if [ "$SHA256" == "$CHECKSUM" ]; then | |
| bash <(curl -Ls https://coverage.codacy.com/get.sh) report -r tests/log/clover.xml -l PHP | |
| else | |
| echo "Failed Codacy checksum verification: $SHA256" | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If you're looking to do this in CI in Github the action makes more sense. I didn't find it until afterwards: https://github.com/codacy/codacy-coverage-reporter-action