mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity
kyverno/.github/workflows/nancy.yaml
dependabot[bot] 09e4d9b5c7
chore(deps): bump actions/upload-artifact from 4.4.1 to 4.4.2 (#11362) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.4.1 to 4.4.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](604373da63...84480863f2)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-09 06:51:49 +00:00

76 lines
No EOL
2.4 KiB
YAML
Raw Blame History

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Nancy
permissions: {}
on:
workflow_dispatch:
schedule:
- cron: '23 2 * * *' # Every day at 02:23 UTC
jobs:
nancy-scan:
runs-on: ubuntu-latest
name: nancy-scan
steps:
- name: Checkout
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Setup caches
uses: ./.github/actions/setup-caches
timeout-minutes: 5
continue-on-error: true
- name: Setup build env
uses: ./.github/actions/setup-build-env
timeout-minutes: 10
- name: WriteGoList
run: go list -json -deps ./... > go.list
- name: Nancy SAST Scan
uses: sonatype-nexus-community/nancy-github-action@726e338312e68ecdd4b4195765f174d3b3ce1533 # v1.0.3
with:
output_format: json
output-file: nancy-results.json
- name: Parse scan results
id: parse-results
run: |
if [ -s nancy-results.json ]; then
echo "Vulnerabilities found, creating issue"
echo "results=found" >> $GITHUB_OUTPUT
else
echo "No vulnerabilities found, halting"
echo "results=nothing" >> $GITHUB_OUTPUT
fi
- name: Upload vulnerability scan report
uses: actions/upload-artifact@84480863f228bb9747b473957fcc9e309aa96097 # v4.4.2
if: steps.parse-results.outputs.results == 'found'
with:
name: nancy-results.json
path: nancy-results.json
if-no-files-found: error
open-issue:
runs-on: ubuntu-latest
if: needs.nancy-scan.result == 'success'
needs: nancy-scan
permissions:
issues: write
steps:
- name: Checkout
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Download scan results
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: nancy-results.json
- name: Set scan output
id: set-scan-output
run: echo "results=$(cat nancy-results.json | jq -c)" >> $GITHUB_OUTPUT
- uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
RESULTS: ${{ steps.set-scan-output.outputs.results }}
with:
filename: .github/ISSUE_TEMPLATE/VULN-TEMPLATE.md
View git blame Copy permalink