ci: updated the release workflow names and introduced the trivy vuln scan wf (#1978)
This commit is contained in:
Joe Harrison
2
.github/workflows/ci.yml
vendored
2
.github/workflows/ci.yml
vendored
@@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
||||||
name: Jellyseerr CI
|
name: Seerr CI
|
||||||
|
|
||||||
on:
|
on:
|
||||||
pull_request:
|
pull_request:
|
||||||
|
|||||||
2
.github/workflows/preview.yml
vendored
2
.github/workflows/preview.yml
vendored
@@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
||||||
name: Jellyseerr Preview
|
name: Seerr Preview
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
|
|||||||
2
.github/workflows/release.yml
vendored
2
.github/workflows/release.yml
vendored
@@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
||||||
name: Jellyseerr Release
|
name: Seerr Release
|
||||||
|
|
||||||
on:
|
on:
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|||||||
2
.github/workflows/stale.yml
vendored
2
.github/workflows/stale.yml
vendored
@@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
||||||
name: Close stale issues and PRs
|
name: Close Stale Issues and PRs
|
||||||
|
|
||||||
on:
|
on:
|
||||||
schedule:
|
schedule:
|
||||||
|
|||||||
61
.github/workflows/trivy-scan.yml
vendored
Normal file
61
.github/workflows/trivy-scan.yml
vendored
Normal file
@@ -0,0 +1,61 @@
|
|||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
||||||
|
name: Trivy Container Vulnerability Scan
|
||||||
|
|
||||||
|
on:
|
||||||
|
workflow_run:
|
||||||
|
workflows:
|
||||||
|
- Jellyseerr Release
|
||||||
|
types:
|
||||||
|
- completed
|
||||||
|
schedule:
|
||||||
|
- cron: '50 7 * * 5'
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
|
concurrency:
|
||||||
|
group: trivy-scan-${{ github.ref }}
|
||||||
|
cancel-in-progress: true
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
trivy:
|
||||||
|
if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }}
|
||||||
|
name: Scan latest container image
|
||||||
|
runs-on: ubuntu-24.04
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
security-events: write
|
||||||
|
|
||||||
|
env:
|
||||||
|
TRIVY_CACHE_DIR: .trivycache
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
fetch-depth: 0
|
||||||
|
persist-credentials: false
|
||||||
|
|
||||||
|
- name: Cache Trivy DB
|
||||||
|
uses: actions/cache@v4
|
||||||
|
with:
|
||||||
|
path: .trivycache
|
||||||
|
key: trivy-${{ runner.os }}-${{ hashFiles('**/Dockerfile') }}
|
||||||
|
restore-keys: |
|
||||||
|
trivy-${{ runner.os }}-
|
||||||
|
|
||||||
|
- name: Run Trivy image scan
|
||||||
|
uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
|
||||||
|
with:
|
||||||
|
image-ref: ghcr.io/${{ github.repository }}:latest
|
||||||
|
format: sarif
|
||||||
|
output: trivy.sarif
|
||||||
|
ignore-unfixed: true
|
||||||
|
|
||||||
|
- name: Upload SARIF to code scanning
|
||||||
|
uses: github/codeql-action/upload-sarif@v3
|
||||||
|
with:
|
||||||
|
sarif_file: trivy.sarif
|
||||||
Reference in New Issue
Block a user