
VulnDB Workflow

VulnDB Workflow #14

Workflow file for this run

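---
# Manually triggered workflow that rebuilds the vulnerability database in a
# job-scoped Postgres service container, dumps selected tables to dump.sql and
# pushes that file to ghcr.io as an OCI artifact tagged with the Unix time.
name: VulnDB Workflow
on: workflow_dispatch

env:
  # Fixed credentials for the Postgres service container below. They are
  # committed in plain text, so never reuse this value for a persistent
  # database.
  POSTGRES_DB: devguard
  POSTGRES_USER: devguard
  POSTGRES_HOST: localhost
  POSTGRES_PASSWORD: not_reachable_from_the_internet

jobs:
  build:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: read the repository for checkout and
    # write packages for the final push to ghcr.io. Every other scope is
    # dropped instead of inheriting the repository default.
    permissions:
      contents: read
      packages: write
    services:
      postgres:
        # Pinned by digest as well as by tag, so the image content cannot
        # change underneath the tag.
        image: ghcr.io/l3montree-dev/devguard-postgresql:v0.5.3@sha256:a06c9e7c8ee334790cc66d52e89ff5ef05352ab264841d3d9f3659c046732251
        env:
          POSTGRES_DB: ${{ env.POSTGRES_DB }}
          POSTGRES_USER: ${{ env.POSTGRES_USER }}
          POSTGRES_PASSWORD: ${{ env.POSTGRES_PASSWORD }}
        ports:
          # Quoted so the mapping is always read as a string.
          - '5432:5432'
        # The job waits for the container to report healthy before the
        # steps run.
        options: >-
          --health-cmd="pg_isready -U devguard"
          --health-interval=10s
          --health-timeout=5s
          --health-retries=5
    # NOTE(review): the actions below are referenced by mutable tags. Pin each
    # one to a full commit SHA (uses: owner/repo@<full-commit-sha>  # vX) so a
    # moved tag cannot change what runs with packages: write.
    steps:
      - name: Install postgresql client
        run: |
          sudo apt-get update
          sudo apt-get install -y wget gnupg
          # apt-key is deprecated and trusts the key for every repository.
          # Store the key in its own keyring and bind it to this one source
          # with signed-by. Downloading to a file (no pipe) means a failed
          # download stops the step.
          wget --quiet -O pgdg.asc https://www.postgresql.org/media/keys/ACCC4CF8.asc
          sudo gpg --dearmor --yes --output /usr/share/keyrings/pgdg.gpg pgdg.asc
          echo "deb [signed-by=/usr/share/keyrings/pgdg.gpg] https://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" | sudo tee /etc/apt/sources.list.d/pgdg.list
          sudo apt-get update
          sudo apt-get install -y postgresql-client-16
      - name: Create semver extension
        # Pass the password through the step environment instead of expanding
        # ${{ }} inside the script text, so the value is never spliced into
        # the shell source.
        env:
          PGPASSWORD: ${{ env.POSTGRES_PASSWORD }}
        run: |
          psql -h "$POSTGRES_HOST" -U "$POSTGRES_USER" -d "$POSTGRES_DB" -c "CREATE EXTENSION IF NOT EXISTS semver;"
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Install Golang
        uses: actions/setup-go@v5
        with:
          # Quoted: an unquoted version is parsed as a float (1.20 -> 1.2).
          go-version: '1.22'
      - name: Build the database (this takes some time)
        run: |
          go run ./cmd/devguard-cli/main.go vulndb repair --startIndex=0
      - name: Dump the PostgreSQL database
        # skip:checkov:CKV_SECRET_6
        env:
          PGPASSWORD: ${{ env.POSTGRES_PASSWORD }}
        # Only the listed tables are exported; --column-inserts together with
        # --on-conflict-do-nothing writes INSERT statements that skip rows
        # already present on import.
        run: |
          pg_dump -h "$POSTGRES_HOST" -U "$POSTGRES_USER" "$POSTGRES_DB" \
            -t affected_components \
            -t cpe_matches \
            -t cve_affected_component \
            -t cve_cpe_match \
            -t cves \
            -t cwes \
            -t exploits \
            -t weaknesses \
            --on-conflict-do-nothing --column-inserts > dump.sql
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Setup oras cli
        uses: oras-project/setup-oras@v1
      - name: Push the database dump to OCI
        # The tag is the current Unix timestamp, so every run publishes a new
        # tag rather than overwriting an earlier one.
        run: |
          oras push ghcr.io/l3montree-dev/devguard/vulndb:$(date +%s) dump.sql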