security-identifiers/.github/workflows/publish.yaml at 5acbf99ad8db8371e58a05f09978b3ffaf0dbe43 · anchore/security-identifiers · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
name: "Publish Security Identifiers Index (development)"
on:
  workflow_dispatch:
  push:
    branches:
      - main

concurrency:
  group: publish-security-identifiers
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  publish-security-identifiers:
    name: "Publish Security Identifiers Index (development)"
    runs-on: runs-on=${{ github.run_id }}/runner=medium-arm
    container:
      image: python:3.13-alpine
    permissions:
      contents: write
      packages: write
    steps:
      - name: Install OS dependencies
        run: apk add --no-cache git taplo sqlite tar zstd curl oras-cli bash
      - name: Configure git
        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
      - name: Install python dependencies
        run: pip install git+https://github.com/anchore/security-cli
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
        with:
          persist-credentials: false
      - name: Render the security identifiers sqlite index
        run: anchore-security-cli -v id index render --data-path data -o ${{ runner.temp }}/security-identifiers-index
      - name: Login to GHCR via oras
        run: echo ${{ secrets.GITHUB_TOKEN }} | oras login ghcr.io --username "${GITHUB_ACTOR}" --password-stdin
      - name: Publish the security identifiers sqlite index
        run: anchore-security-cli -vvv id index publish --index-dir ${{ runner.temp }}/security-identifiers-index --deploy-to=development