ci: nightly jobs

.github/workflows/.reusable-cleanup-registry.yml

@@ -9,10 +9,10 @@ jobs:
   cleanup-registry:
     runs-on: ubuntu-latest
     steps:
-      - name: Cleanup test images in 'connaisseur-test'
+      - name: Cleanup test images
         uses: snok/container-retention-policy@3d27e6a0361deed0b7dc5099a82eadd07924b177 # v2.1.3
         with:
-          image-names: connaisseur-test
+          image-names: semgr8s-test
           cut-off: three weeks ago UTC+1
           timestamp-to-use: updated_at
           account-type: org
@@ -21,17 +21,17 @@ jobs:
       - name: Cleanup dangling images without tag
         uses: snok/container-retention-policy@3d27e6a0361deed0b7dc5099a82eadd07924b177 # v2.1.3
         with:
-          image-names: connaisseur*
+          image-names: semgr8s*
           untagged-only: true
           cut-off: four hours ago UTC+1
           timestamp-to-use: updated_at
           account-type: org
           org-name: sse-secure-systems
           token: ${{ secrets.GHCR_PAT }}
-      - name: Cleanup all connaisseur images
+      - name: Cleanup all images
         uses: snok/container-retention-policy@3d27e6a0361deed0b7dc5099a82eadd07924b177 # v2.1.3
         with:
-          image-names: connaisseur
+          image-names: semgr8s
           skip-tags: master, develop, v*, sha256-*
           cut-off: four days ago UTC+1
           timestamp-to-use: updated_at

.github/workflows/nightly-build.yml

@@ -0,0 +1,27 @@
+name: nightly-build
+
+#permissions: {}  #TODO: reactivate for non-private
+
+on:
+  schedule:
+    - cron: "30 1 * * *"
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  ci:
+    uses: ./.github/workflows/.reusable-ci.yml
+    #    permissions:  #TODO: adjust for non-private
+    secrets: inherit
+    with:
+      #TODO: adjust for non private
+      skip_build: 'none'
+      skip_compliance_checks: 'all'
+      skip_unit_tests: 'all'
+      skip_sast: 'all'
+      skip_sca: 'none'
+      skip_docs: 'all'
+      skip_integration_tests: 'none'
+      output_type: 'sarif'

.github/workflows/nightly.yaml

@@ -0,0 +1,59 @@
+name: nightly
+
+#permissions: {}  #TODO: reactivate for non-private
+
+on:
+  schedule:
+    - cron: "30 1 * * *"
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  build:
+    uses: ./.github/workflows/.reusable-build.yml
+    #    permissions:  #TODO: reactivate for non-private
+    #      packages: write
+    secrets: inherit
+    with:
+      skip: "non-required"
+
+  compliance:
+    uses: ./.github/workflows/.reusable-compliance.yml
+    #    permissions:  #TODO: reactivate for non-private
+    #      contents: write
+    #      id-token: write
+    #      security-events: write
+    #      actions: read
+    #      checks: read
+    #      deployments: read
+    #      issues: read
+    #      discussions: read
+    #      packages: read
+    #      pages: read
+    #      pull-requests: read
+    #      repository-projects: read
+    #      statuses: read
+    secrets: inherit
+    with:
+      skip: "none"
+
+  sca-released:
+    name: sca (released)
+    uses: ./.github/workflows/.reusable-sca.yml
+    needs: [build]
+    #    permissions:  #TODO: reactivate for non-private
+    #      contents: write
+    #      security-events: write
+    #      packages: read
+    secrets: inherit
+    with:
+      image: ${{ needs.build.outputs.original_image }}
+      skip: "none"
+      output: "table"
+
+  cleanup-registry:
+    uses: ./.github/workflows/.reusable-cleanup-registry.yml
+    needs: [build]
+    secrets: inherit

.github/workflows/pr2main.yml

@@ -1,4 +1,4 @@
-name: pr
+name: pr2main
 
 #permissions: {}  #TODO: reactivate for non-private