cve-report #5

Summary
Jobs
- Report
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/cve-report.yml at e9e4423

	name: cve-report

	on:
	schedule:
	- cron: '0 17 * * *'
	workflow_dispatch:

	concurrency:
	group: ${{ github.workflow }}-${{ github.head_ref \|\| github.ref }}
	cancel-in-progress: true

	jobs:
	report:
	name: Report
	runs-on: ubuntu-24.04
	steps:
	- uses: actions/checkout@v4

	- name: Set up Go
	uses: actions/setup-go@v4
	with:
	go-version: '1.23'

	- name: Prepare git
	env:
	GITHUB_USER: 1gtm
	GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }}
	run: \|
	set -x
	git config --global user.name "1gtm"
	git config --global user.email "[email protected]"
	git config --global \
	url."https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com".insteadOf \
	"https://github.com"
	# git remote set-url origin https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git

	- name: Install trivy
	run: \|
	# wget https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-64bit.deb
	# sudo dpkg -i trivy_0.18.3_Linux-64bit.deb
	sudo apt-get install -y --no-install-recommends wget apt-transport-https gnupg lsb-release
	wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key \| sudo apt-key add -
	echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main \| sudo tee -a /etc/apt/sources.list.d/trivy.list
	sudo apt-get update
	sudo apt-get install -y --no-install-recommends trivy

	- name: Install image packer
	run: \|
	cd /tmp
	curl -fsSL -O https://github.com/kmodules/image-packer/releases/latest/download/image-packer-linux-amd64.tar.gz
	tar -xvf image-packer-linux-amd64.tar.gz
	chmod +x image-packer-linux-amd64
	sudo mv image-packer-linux-amd64 /usr/local/bin/image-packer

	- name: Generate report
	run: \|
	image-packer generate-cve-report \
	--output-dir=catalog \
	--src=catalog/ace.yaml \
	--src=catalog/editor-charts.yaml \
	--src=catalog/feature-charts.yaml \
	--src=catalog/reusable-ui-charts.yaml
	git add catalog/README.md \|\| true
	git commit -s -a -m "Update cve report $(date --rfc-3339=date)"

	- name: Create Pull Request
	uses: peter-evans/create-pull-request@v6
	with:
	token: ${{ secrets.LGTM_GITHUB_TOKEN }}
	title: Update cve report
	branch: update-cve-report
	delete-branch: true
	add-paths: \|
	catalog/README.md
	labels: \|
	automerge

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

cve-report #5

Workflow file

cve-report #5

Jobs

Run details

Workflow file for this run