mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity
kyverno/.github/workflows/nancy.yaml
dependabot[bot] 211030e900
chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#11244) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](692973e3d9...d632683dd7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-26 07:36:19 +00:00

76 lines
No EOL
2.4 KiB
YAML
Raw Blame History

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Nancy
permissions: {}
on:
workflow_dispatch:
schedule:
- cron: '23 2 * * *' # Every day at 02:23 UTC
jobs:
nancy-scan:
runs-on: ubuntu-latest
name: nancy-scan
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Setup caches
uses: ./.github/actions/setup-caches
timeout-minutes: 5
continue-on-error: true
- name: Setup build env
uses: ./.github/actions/setup-build-env
timeout-minutes: 10
- name: WriteGoList
run: go list -json -deps ./... > go.list
- name: Nancy SAST Scan
uses: sonatype-nexus-community/nancy-github-action@726e338312e68ecdd4b4195765f174d3b3ce1533 # v1.0.3
with:
output_format: json
output-file: nancy-results.json
- name: Parse scan results
id: parse-results
run: |
if [ -s nancy-results.json ]; then
echo "Vulnerabilities found, creating issue"
echo "results=found" >> $GITHUB_OUTPUT
else
echo "No vulnerabilities found, halting"
echo "results=nothing" >> $GITHUB_OUTPUT
fi
- name: Upload vulnerability scan report
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
if: steps.parse-results.outputs.results == 'found'
with:
name: nancy-results.json
path: nancy-results.json
if-no-files-found: error
open-issue:
runs-on: ubuntu-latest
if: needs.nancy-scan.result == 'success'
needs: nancy-scan
permissions:
issues: write
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Download scan results
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: nancy-results.json
- name: Set scan output
id: set-scan-output
run: echo "results=$(cat nancy-results.json | jq -c)" >> $GITHUB_OUTPUT
- uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
RESULTS: ${{ steps.set-scan-output.outputs.results }}
with:
filename: .github/ISSUE_TEMPLATE/VULN-TEMPLATE.md
View git blame Copy permalink