Protei/PromucFlow_constructor
2
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
d00c15d2e7
PromucFlow_constructor/.github/workflows/test-vulnerabilities-data.yml
Sagar Khalasi d00c15d2e7
chore: new update for failing job on new vulnerabilities (#37273) 
## Description
Failing job if new vurn found


Fixes #`37036`  

## Automation

/ok-to-test tags=""

### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results  -->
> [!CAUTION]  
> If you modify the content in this section, you are likely to disrupt
the CI result for your PR.

<!-- end of auto-generated comment: Cypress test results  -->


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [x] No
2024-11-07 13:29:35 +05:30

80 lines
2.8 KiB
YAML
Raw Blame History

name: Run Vulnerability Data Script with Parameters and Update PR
on:
workflow_dispatch:
inputs:
image_name:
description: 'Docker image name to scan'
required: true
default: 'appsmith/appsmith-ce:release'
jobs:
run-and-update-pr:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Set up Node.js
uses: actions/setup-node@v3
with:
node-version: '20'
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- name: Install pg
run: npm install pg
# Run Scout vulnerability data script
- name: Run Scout vulnerability data script
if: always()
env:
DB_HOST: ${{ secrets.CYPRESS_DB_HOST }}
DB_NAME: ${{ secrets.CYPRESS_DB_NAME }}
DB_USER: ${{ secrets.CYPRESS_DB_USER }}
DB_PWD: ${{ secrets.CYPRESS_DB_PWD }}
run: |
chmod +x scripts/scout_vulnerabilities_data.sh
./scripts/scout_vulnerabilities_data.sh \
"${{ inputs.image_name }}" \
"${{ github.event.pull_request.number }}" \
"${{ github.event.pull_request.html_url }}" \
"${{ github.run_id }}"
- name: Run Trivy vulnerability data script
if: always()
env:
DB_HOST: ${{ secrets.CYPRESS_DB_HOST }}
DB_NAME: ${{ secrets.CYPRESS_DB_NAME }}
DB_USER: ${{ secrets.CYPRESS_DB_USER }}
DB_PWD: ${{ secrets.CYPRESS_DB_PWD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
chmod +x scripts/trivy_vulnerabilities_data.sh
./scripts/trivy_vulnerabilities_data.sh \
"${{ inputs.image_name }}" \
"${{ github.event.pull_request.number }}" \
"${{ github.event.pull_request.html_url }}" \
"${{ github.run_id }}"
- name: Check for new vulnerabilities in Scout and Trivy files
if: always()
run: |
# Check if Scout vulnerabilities file is not empty
if [ -s "scout_new_vulnerabilities.csv" ]; then
echo "Scout vulnerabilities detected."
cat scout_new_vulnerabilities.csv
exit 1 # Fail the job if data exists
fi
# Check if Trivy vulnerabilities file is not empty
if [ -s "trivy_new_vulnerabilities.csv" ]; then
echo "Trivy vulnerabilities detected."
cat trivy_new_vulnerabilities.csv
exit 1 # Fail the job if data exists
fi
Reference in New Issue View Git Blame Copy Permalink