7 add CVE check to ci #89

	name: Test Gradle project

	on: [push, pull_request]

	jobs:

	lint-gradle-project:
	runs-on: ubuntu-latest
	needs: check-cve
	steps:
	- name: Checkout project source
	uses: actions/checkout@v4

	- name: Set Java
	uses: actions/setup-java@v4
	with:
	java-version: '17'
	distribution: 'temurin'

	- name: Set up Gradle
	uses: gradle/actions/setup-gradle@v3

	- name: Run lint
	run: ./gradlew lint

	build-gradle-project:
	runs-on: ubuntu-latest

	needs: lint-gradle-project

	steps:
	- name: Checkout project source
	uses: actions/checkout@v4

	- name: Set Java
	uses: actions/setup-java@v4
	with:
	java-version: 17
	distribution: 'temurin'

	- name: Set up Gradle
	uses: gradle/actions/setup-gradle@v3

	- name: Run build without tests
	run: ./gradlew assemble

	check-cve:
	runs-on: ubuntu-latest
	steps:
	- run: curl https://raw.githubusercontent.com/aquasecurity/trivy/7735ec432a83d5446d13a593ab3b27dd02649ca1/contrib/markdown.tpl -o markdown.tpl
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/[email protected]
	with:
	image-ref: 'razano/ctcd'
	format: 'template'
	template: '@markdown.tpl'
	output: trivy.md
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	- run: cat trivy.md >> $GITHUB_STEP_SUMMARY
	if: always()

Provide feedback