915b602dd5
## Description Run trivy and scout scanner with image name Fixes #`37036` ## Automation /ok-to-test tags="@tag.IDE" ### 🔍 Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/11480586298> > Commit: 5ebbcd37ec177c781d8b0be38a83ce695d211c9d > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=11480586298&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: `@tag.IDE` > Spec: > <hr>Wed, 23 Oct 2024 13:36:44 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Introduced two new scripts for automated vulnerability scanning of Docker images: `scout_vulnerabilities_data.sh` and `trivy_vulnerabilities_data.sh`. - Added a GitHub Actions workflow to automate vulnerability scanning and update pull requests with results. - **Bug Fixes** - Improved error handling for missing environment variables in the new scripts. - **Documentation** - Added details on the new workflow and its steps for user reference. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|---|---|---|
| .. | ||
| docs | ||
| scripts | ||
| ad-hoc-docker-image.yml | ||
| appsmithctl.yml | ||
| build-chromatic.yml | ||
| build-client-server-count.yml | ||
| build-client-server.yml | ||
| build-docker-image.yml | ||
| build-storybook.yml | ||
| caddy-routes-test.yml | ||
| ci-client-cyclic-deps-check.yml | ||
| ci-debugging.yml | ||
| ci-test-custom-script.yml | ||
| ci-test-hosted.yml | ||
| ci-test-limited-with-count.yml | ||
| ci-test-limited.yml | ||
| cleanup-dp.yml | ||
| client-build.yml | ||
| client-lint.yml | ||
| client-prettier.yml | ||
| client-unit-tests.yml | ||
| close-labeler.yml | ||
| copy-labels.yml | ||
| docker-base-image.yml | ||
| duplicate-issue-detector.yml | ||
| github-release.yml | ||
| helm-release.yml | ||
| integration-tests-command.yml | ||
| issue-report-config.json | ||
| mastermind-labeler.yml | ||
| ok-to-test.yml | ||
| on-demand-build-docker-image-deploy-preview.yml | ||
| pr-automation.yml | ||
| pr-cypress.yml | ||
| pr-labeler.yml | ||
| quality-checks.yml | ||
| README.md | ||
| release-drafter.yml | ||
| rts-build.yml | ||
| server-build.yml | ||
| server-spotless.yml | ||
| stale.yml | ||
| sync-release-to-pg.yml | ||
| test-build-docker-image.yml | ||
| test-storybook.yml | ||
| test-vulnerabilities-data.yml | ||
The following list describes all the workflows that are configured to run in this repository:
Release process related Actions
- Build RTS Workflow
- Appsmith Client Build Workflow
- Appsmith External Integration Test Workflow
- Appsmith Github Release Workflow
- Ok To Test
- Appsmith Server Workflow
- Test, build and push Docker Image
Utility Actions
- Mark stale issues and pull requests
- Label PRs based on title
- Release Drafter
- Remove old artifacts
- Sync Community workflow
- Potential Duplicate Issues
- Mastermind Labeler Workflow
Build RTS Workflow
Workflow file: build-rts.yml Triggered on every commit to the rts folder. This workflow is responsible for building the RTS Node server. There are dummy steps for ui-tests and packaging. (Comment: Useless right now because it does not have ui-test-result)
Appsmith Client Build Workflow
Workflow file: client-build.yml Triggered on every commit to the client folder. This workflow is responsible for building & unit-testing the client side.
Appsmith Server Workflow
Workflow file: server.yml Triggered on every commit to the server folder. This workflow is responsible for building & unit-testing the Java server codebase.
Appsmith External Integration Test Workflow
Workflow file: external-client-test.yml Triggered only by the ok to test command dispatch. This workflow is responsible for building, unit-testing, integration testing and packaging both server and client code base. (Comment: Notably not RTS)
Appsmith Github Release Workflow
Workflow file: github-release.yml
Triggered on release event on Github. This workflow is responsible for building client, server and RTS binaries and packaging them to the latest as well as the relevant release tag on Docker.
Ok To Test
Workflow file: ok-to-test.yml Triggered by PR comments. This workflow triggers a repository dispatch for the Appsmith External Integration Test Workflow.
Test, build and push Docker Image
Workflow file: test-build-docker-image.yml Triggered by PR reviews and push to release or master. This workflow is responsible for building client, server and RTS binaries and packaging them to fata container as well as the older separate containers.
Mark stale issues and pull requests
Workflow file: stale.yml
Label PRs based on title
Workflow file: pr-labeler.yml
Release Drafter
Workflow file: release-drafter.yml
Remove old artifacts
Workflow file: remove-old-artifacts.yml
Sync Community workflow
Workflow file: sync-community-repo.yml
Potential Duplicate Issues
Workflow file: duplicate-issue-detector.yml
Mastermind Labeler Workflow
Workflow file: mastermind-labeler.yml