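name: Nightly vulnerability scans

# Scheduled and manually triggered Trivy image scans for the TAS repo.
# The scan itself lives in the reusable workflow trivy-image-scan.yaml; this
# workflow only resolves which branch to scan and which Trivy version to use,
# then hands both to it.
on:
  schedule:
    # At 03:08 (UTC — GitHub evaluates cron in UTC), every Monday, Wednesday,
    # Friday & Sunday
    - cron: '08 03 * * Mon,Wed,Fri,Sun'
  workflow_dispatch:
    inputs:
      codeBranch:
        description: 'Branch of the TAS repo that you want to run the workflow against'
        required: true
        default: 'master'
      trivyVersion:
        description: 'Version of Trivy that is going to be installed for the scan'
        required: false
        type: string
        default: 'v0.48.0'

# Least privilege: nothing in this workflow writes back to the repository.
# The called reusable workflow runs with the permissions granted here, so keep
# this as tight as the scan allows.
permissions:
  contents: read

jobs:
  # Resolve the branch to scan: the ref that triggered a scheduled run, or the
  # branch supplied through workflow_dispatch. Skipped in the upstream
  # platform-aware-scheduling repository itself (only forks run the scan).
  current_branch:
    runs-on: self-hosted
    if: ( !contains(github.repository, '/platform-aware-scheduling'))
    outputs:
      extract_branch: ${{ steps.extract_branch.outputs.branch }}
    steps:
      - name: current branch
        id: extract_branch
        # The workflow_dispatch input is user-controlled. Never interpolate it
        # with ${{ }} inside `run:` — that is expression injection: a branch
        # name such as `x"; <command>; echo "` would execute on this
        # self-hosted runner. Pass it through the environment and quote it.
        env:
          CODE_BRANCH: ${{ inputs.codeBranch }}
        run: |
          if [[ "${GITHUB_EVENT_NAME}" == "schedule" || "${GITHUB_EVENT_NAME}" == "push" ]]; then
            echo "branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT"
          elif [[ "${GITHUB_EVENT_NAME}" == "workflow_dispatch" ]]; then
            echo "branch=${CODE_BRANCH}" >> "$GITHUB_OUTPUT"
          else
            # Only schedule and workflow_dispatch are wired up above; anything
            # else yields a sentinel the downstream checkout will fail on loudly.
            echo "branch=INVALID_EVENT_BRANCH_UNKNOWN" >> "$GITHUB_OUTPUT"
          fi

  trivy-images-scan:
    uses: ./.github/workflows/trivy-image-scan.yaml
    needs: [ current_branch ]
    with:
      runson: self-hosted-kind
      codeBranch: ${{ needs.current_branch.outputs.extract_branch }}
      # `inputs.*` is only populated for workflow_dispatch; on the schedule
      # trigger it is empty. Fall back to the same version the manual trigger
      # defaults to, so scheduled scans are pinned rather than handing the
      # called workflow an empty string. If trivy-image-scan.yaml declares its
      # own default, keep the two in sync.
      trivyVersion: ${{ inputs.trivyVersion || 'v0.48.0' }}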