From e28ece98024ed61b77fe38c84309a9bcdafcd570 Mon Sep 17 00:00:00 2001
From: Tristan Cacqueray
Date: Wed, 27 Nov 2024 16:37:44 -0500
Subject: [PATCH] Add OSV schema validation

---
 .github/workflows/nix.yml | 4 ++++
 flake.nix | 1 +
 2 files changed, 5 insertions(+)

diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
index c94954f8..a8525666 100644
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@@ -59,6 +59,10 @@ jobs:
 mkdir -p $DATA_DIR/$YEAR
 docker run --rm -v $PWD:/repo --workdir /repo haskell/hsec-tools:latest /bin/hsec-tools osv "$FILE" > $DATA_DIR/$YEAR/$ID.json
 done < <(find advisories -type f -name "*.md" | grep -v '^advisories/reserved/')
+ - name: Validate OSV data
+ run: |
+ curl -OL https://raw.githubusercontent.com/ossf/osv-schema/refs/heads/main/validation/schema.json
+ nix develop --command check-jsonschema --schemafile ../schema.json ./osv/*/*.json
 - name: Publish OSV data
 if: ${{ github.event_name == 'push' && github.ref_name == 'main' && github.repository == 'haskell/security-advisories' }}
 env:
diff --git a/flake.nix b/flake.nix
index d163def9..4b7f5217 100644
--- a/flake.nix
+++ b/flake.nix
@@ -44,6 +44,7 @@ ghcid haskell-language-server pkgs.nixpkgs-fmt
+ pkgs.check-jsonschema
 ]) else drv; };
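Review bot: The new `Validate OSV data` step fetches the schema from `refs/heads/main` of ossf/osv-schema on every run, so the check that sits in front of `Publish OSV data` depends on a mutable third-party ref with no integrity verification, and `curl -OL` without `--fail` will store an HTTP error body as `schema.json` instead of failing the step. Pin the URL to a reviewed commit and fail closed, e.g. `curl --fail -sSLO https://raw.githubusercontent.com/ossf/osv-schema/<pinned-commit-sha>/validation/schema.json`, or bring the schema in as a flake input so it is locked alongside `pkgs.check-jsonschema`. Separately, `curl -O` writes `schema.json` into the current directory while the validator is given `--schemafile ../schema.json`; unless a working directory is set outside this hunk, that path looks like it should be `./schema.json`.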