Skip to content

cve-report

cve-report #33

Workflow file for this run

name: cve-report
on:
schedule:
- cron: '0 17 * * *'
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
cancel-in-progress: true
jobs:
report:
name: Report
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.21'
- name: Prepare git
env:
GITHUB_USER: 1gtm
GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }}
run: |
set -x
git config --global user.name "1gtm"
git config --global user.email "[email protected]"
git config --global \
url."https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com".insteadOf \
"https://github.com"
# git remote set-url origin https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git
- name: Install trivy
run: |
# wget https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-64bit.deb
# sudo dpkg -i trivy_0.18.3_Linux-64bit.deb
sudo apt-get install -y --no-install-recommends wget apt-transport-https gnupg lsb-release
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install -y --no-install-recommends trivy
- name: Generate report
run: |
./hack/scripts/update-chart-dependencies.sh
go run ./cmd/generate-cve-report/main.go
git commit -s -a -m "Update cve report $(date --rfc-3339=date)"
- name: Create Pull Request
uses: peter-evans/create-pull-request@v6
with:
token: ${{ secrets.LGTM_GITHUB_TOKEN }}
title: Update cve report
branch: update-cve-report
delete-branch: true
add-paths: |
catalog/kubedb/README.md
labels: |
automerge