Skip to content

Nightly vulnerability scans #8

Nightly vulnerability scans

Nightly vulnerability scans #8

name: Nightly vulnerability scans
on:
schedule:
# At 03:08 AM, every Monday, Wednesday, Friday & Sunday
- cron: '08 03 * * Mon,Wed,Fri,Sun'
workflow_dispatch:
inputs:
codeBranch:
description: 'Branch of the TAS repo that you want to run the workflow against'
required: true
default: 'master'
trivyVersion:
description: 'Version of Trivy that is going to be installed for the scan'
required: false
type: string
default: v0.48.0
permissions:
contents: read
jobs:
current_branch:
runs-on: self-hosted
if: ( !contains(github.repository, '/platform-aware-scheduling'))
outputs:
extract_branch: ${{ steps.extract_branch.outputs.branch }}
steps:
- name: current branch
id: extract_branch
run: |
if [[ "${GITHUB_EVENT_NAME}" == "schedule" || "${GITHUB_EVENT_NAME}" == "push" ]]; then
echo "BRANCH=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_OUTPUT
elif [[ "${GITHUB_EVENT_NAME}" == "workflow_dispatch" ]]; then
echo "BRANCH=${{ inputs.codeBranch }}" >> $GITHUB_OUTPUT
else
echo "BRANCH=INVALID_EVENT_BRANCH_UNKNOWN" >> $GITHUB_OUTPUT
fi
trivy-images-scan:
uses: ./.github/workflows/trivy-image-scan.yaml
needs: [ current_branch ]
with:
runson: self-hosted-kind
codeBranch: ${{ needs.current_branch.outputs.extract_branch }}
trivyVersion: ${{ inputs.trivyVersion }}