fix: slack notification not working for nightly scan

Signed-off-by: Ved Ratan <[email protected]>
nirmata · Dec 9, 2024 · 84b5750 · 84b5750
1 parent b2de6b6
commit 84b5750
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 12 deletions.
diff --git a/.github/workflows/nightly-scan.yaml b/.github/workflows/nightly-scan.yaml
@@ -31,13 +31,6 @@ jobs:
           fetch-depth: 0
           lfs: true
 
-      - name: Get latest tag on branch
-        shell: bash
-        run: |
-          BRANCH_NAME=${{ matrix.branch }}  
-          LATEST_TAG=$(git tag --merged ${BRANCH_NAME} --sort=-creatordate | head -n 1)
-          echo "IMAGE_TAG=${LATEST_TAG}" >> $GITHUB_ENV
-
       - name: Log into registry ${{env.REGISTRY}}
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
@@ -48,7 +41,11 @@ jobs:
 
       - name: Set Image name
         run: |
-          echo IMAGE_NAME="ghcr.io/nirmata/kyverno:${{ env.IMAGE_TAG }}" >> $GITHUB_ENV
+          echo IMAGE_NAME="ghcr.io/nirmata/nightly-kyverno" >> $GITHUB_ENV
+
+      - name: Build and Push Image
+        run: |
+          make ko-publish-kyverno REPO=nirmata KYVERNO_IMAGE=nightly-kyverno KO_TAGS=latest
 
       - name: Scan image using grype
         id: grype-scan
@@ -88,3 +85,15 @@ jobs:
           echo "====grype-scan===="
           cat ${{ steps.grype-scan.outputs.sarif }}
           exit 1  
+
+      - name: Notify failure status
+        if: always() && (job.status == 'failure')
+        uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990 #v2.3.2
+        env:
+          SLACK_CHANNEL: cve-nightly-scan-alerts
+          SLACK_COLOR: ${{ job.status }}
+          SLACK_ICON: https://cdn-icons-png.flaticon.com/512/25/25231.png
+          SLACK_MESSAGE: Repository - ${{github.repository}} - ${{ matrix.branch }} Environment - nightly-scan
+          SLACK_TITLE: CVE discovered
+          SLACK_USERNAME: Github Actions
+          SLACK_WEBHOOK: ${{ secrets.NIGHTLY_SCAN_WEBHOOK }}  
diff --git a/Makefile b/Makefile
@@ -15,7 +15,7 @@ GOARCH               ?= $(shell go env GOARCH)
 KOCACHE              ?= /tmp/ko-cache
 BUILD_WITH           ?= ko
 KYVERNOPRE_IMAGE     := kyvernopre
-KYVERNO_IMAGE        := kyverno
+KYVERNO_IMAGE        ?= kyverno
 CLI_IMAGE            := kyverno-cli
 CLEANUP_IMAGE        := cleanup-controller
 REPORTS_IMAGE        := reports-controller
@@ -265,11 +265,11 @@ build-all: build-kyverno-init build-kyverno build-cli build-cleanup-controller b
 LOCAL_PLATFORM      := linux/$(GOARCH)
 KO_REGISTRY         ?= ko.local
 ifndef VERSION
-KO_TAGS             := $(GIT_SHA)
+KO_TAGS             ?= $(GIT_SHA)
 else ifeq ($(VERSION),main)
-KO_TAGS             := $(GIT_SHA),latest
+KO_TAGS             ?= $(GIT_SHA),latest
 else
-KO_TAGS             := $(GIT_SHA),$(subst /,-,$(VERSION))
+KO_TAGS             ?= $(GIT_SHA),$(subst /,-,$(VERSION))
 endif
 
 KO_CLI_REPO         := $(PACKAGE)/$(CLI_DIR)