chrisryn/requestarr
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

chore(renovate): fix trivy action tag (#1993) [skip-ci]

Browse Source 
Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
This commit is contained in:
Ludovic Ortega
2025-10-07 22:23:26 +03:00
committed by GitHub
parent 2e6a19d3b5
commit 393cb1a4ce
2 changed files with 99 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
.github/workflows/docs-link-check.yml vendored
View File

@@ -3,67 +3,67 @@
name: Check Docs Links name: Check Docs Links
on: on:
pull_request: pull_request:
branches: branches:
- '*' - '*'
paths: paths:
- 'docs/**' - 'docs/**'
- 'gen-docs/**' - 'gen-docs/**'
- '.github/workflows/docs-link-check.yml' - '.github/workflows/docs-link-check.yml'
push: push:
branches: branches:
- develop - develop
paths: paths:
- 'docs/**' - 'docs/**'
- 'gen-docs/**' - 'gen-docs/**'
- '.github/workflows/docs-link-check.yml' - '.github/workflows/docs-link-check.yml'
schedule: schedule:
- cron: '50 7 * * 5' - cron: '50 7 * * 5'
workflow_dispatch: workflow_dispatch:
permissions: permissions:
contents: read contents: read
concurrency: concurrency:
group: docs-link-check-${{ github.ref }} group: docs-link-check-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
link-check: link-check:
name: Verify external links in Markdown and MDX name: Verify external links in Markdown and MDX
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
timeout-minutes: 20 timeout-minutes: 20
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
fetch-depth: 0 fetch-depth: 0
persist-credentials: false persist-credentials: false
- name: Run Lychee link checker - name: Run Lychee link checker
uses: lycheeverse/lychee-action@885c65f3dc543b57c898c8099f4e08c8afd178a2 # v2.6.1 uses: lycheeverse/lychee-action@885c65f3dc543b57c898c8099f4e08c8afd178a2 # v2.6.1
with: with:
fail: false fail: false
args: >- args: >-
--verbose --verbose
--no-progress --no-progress
--accept 200..204,300..304,307,308,404,429,999 --accept 200..204,300..304,307,308,404,429,999
--exclude '^file://' --exclude '^file://'
--exclude '^https?://(localhost|127\.0\.0\.1|0\.0\.0\.0|\[::1\]|\[::\])' --exclude '^https?://(localhost|127\.0\.0\.1|0\.0\.0\.0|\[::1\]|\[::\])'
--exclude '^https?://support\.discord\.com' --exclude '^https?://support\.discord\.com'
'./docs/**/*.md' './docs/**/*.md'
'./docs/**/*.mdx' './docs/**/*.mdx'
'./gen-docs/**/*.md' './gen-docs/**/*.md'
'./gen-docs/**/*.mdx' './gen-docs/**/*.mdx'
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Lychee report - name: Upload Lychee report
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with: with:
name: lychee-report name: lychee-report
path: | path: |
lychee/out.md lychee/out.md
lychee/results.json lychee/results.json
if-no-files-found: ignore if-no-files-found: ignore

88
.github/workflows/trivy-scan.yml vendored
View File

@@ -3,59 +3,59 @@
name: Trivy Container Vulnerability Scan name: Trivy Container Vulnerability Scan
on: on:
workflow_run: workflow_run:
workflows: workflows:
- Seerr Release - Seerr Release
types: types:
- completed - completed
schedule: schedule:
- cron: '50 7 * * 5' - cron: '50 7 * * 5'
workflow_dispatch: workflow_dispatch:
permissions: permissions:
contents: read contents: read
concurrency: concurrency:
group: trivy-scan-${{ github.ref }} group: trivy-scan-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
trivy: trivy:
if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }} if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }}
name: Scan latest container image name: Scan latest container image
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
permissions: permissions:
contents: read contents: read
security-events: write security-events: write
env: env:
TRIVY_CACHE_DIR: .trivycache TRIVY_CACHE_DIR: .trivycache
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with: with:
fetch-depth: 0 fetch-depth: 0
persist-credentials: false persist-credentials: false
- name: Cache Trivy DB - name: Cache Trivy DB
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
with: with:
path: .trivycache path: .trivycache
key: trivy-${{ runner.os }}-${{ hashFiles('**/Dockerfile') }} key: trivy-${{ runner.os }}-${{ hashFiles('**/Dockerfile') }}
restore-keys: | restore-keys: |
trivy-${{ runner.os }}- trivy-${{ runner.os }}-
- name: Run Trivy image scan - name: Run Trivy image scan
uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1 uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
with: with:
image-ref: ghcr.io/${{ github.repository }}:latest image-ref: ghcr.io/${{ github.repository }}:latest
format: sarif format: sarif
output: trivy.sarif output: trivy.sarif
ignore-unfixed: true ignore-unfixed: true
- name: Upload SARIF to code scanning - name: Upload SARIF to code scanning
uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6 uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
with: with:
sarif_file: trivy.sarif sarif_file: trivy.sarif