Skip to content

Scanner dev vulnerability update #50

Scanner dev vulnerability update

Scanner dev vulnerability update #50

name: Scanner dev vulnerability update
on:
schedule:
- cron: "30 */4 * * *"
push:
branches:
- master
jobs:
upload-dev-vulnerabilities:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- name: Authenticate with Google Cloud
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ secrets.GOOGLE_SA_CIRCLECI_SCANNER }}
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v2
- name: Update vulnerabilities
continue-on-error: true
run: |
if [ ! -d "scanner" ]; then
echo "Scanner directory not found. Terminating current step."
exit 1
fi
make -C scanner bin/updater
./scanner/bin/updater -output-dir=dev
gsutil cp -r "dev" "gs://scanner-v4-test/vulnerability-bundles"
send-notification:
needs:
- upload-dev-vulnerabilities
runs-on: ubuntu-latest
if: failure()
steps:
- name: Send Slack notification on workflow failure
run: |
curl -X POST -H 'Content-type: application/json' --data '{"text":"Workflow failed in workflow ${{ github.workflow }} in repository ${{ github.repository }}: Failed to update vulnerabilities"}' ${{ secrets.SLACK_ONCALL_SCANNER_WEBHOOK }}