Update vuln-list-redhat repo #4381
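# Scheduled job: rebuilds vuln-list-update from this repository, refreshes the
# three Red Hat data sources and pushes the results to the separate
# vuln-list-redhat repository.
name: Update vuln-list-redhat repo
on:
  schedule:
    - cron: "0 */6 * * *"
  workflow_dispatch:
jobs:
  update:
    name: Update vuln-list-redhat
    runs-on: ubuntu-2404-2core
    # NOTE(review): no `concurrency` group or `timeout-minutes` is set here.
    # With a 6-hourly cron and the default 360-minute job timeout, two runs
    # could overlap and push to the same repository - confirm that the
    # update-source action tolerates that.
    #
    # The built-in GITHUB_TOKEN is limited to read-only contents. Pushes to
    # the data repository go through the GitHub App credentials passed to
    # update-source below, not through this token.
    permissions:
      contents: read
    env:
      VULN_LIST_DIR: "vuln-list-redhat"
    steps:
      # vuln-list-redhat dir uses more than 20GB of storage
      - name: Free disk space
        run: |
          sudo rm -rf /usr/share/dotnet
          sudo rm -rf /usr/local/lib/android
          sudo rm -rf /opt/ghc
          sudo rm -rf /usr/local/.ghcup
          sudo rm -rf /usr/local/share/boost
          sudo rm -rf /opt/hostedtoolcache/CodeQL
          sudo docker image prune --all --force > /dev/null
          df -h
      - name: Check out code
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # Keep the job token out of .git/config so later steps (go build,
          # the local action) cannot pick it up from the working tree.
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version-file: go.mod
      - name: Check out vuln-list-redhat repo
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          repository: ${{ github.repository_owner }}/${{ env.VULN_LIST_DIR }}
          path: ${{ env.VULN_LIST_DIR }}
          persist-credentials: false # update-source action mints a fresh token per push
      - name: Setup github user email and name
        run: |
          git config --global user.email "action@github.com"
          git config --global user.name "GitHub Action"
      - name: Compile vuln-list-update
        run: go build -o vuln-list-update .
      # The three update steps below use `!cancelled()` rather than `always()`:
      # each source is still attempted when an earlier step failed, but a
      # cancelled run stops instead of going on to mint tokens and push.
      # NOTE(review): they also run when "Compile vuln-list-update" failed;
      # presumably update-source then fails fast on the missing binary -
      # confirm.
      - if: ${{ !cancelled() }}
        name: Red Hat OVALv2
        uses: ./.github/actions/update-source
        with:
          target: redhat-oval
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "Red Hat OVAL v2"
      - if: ${{ !cancelled() }}
        name: Red Hat CSAF VEX
        uses: ./.github/actions/update-source
        with:
          target: redhat-csaf-vex
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "Red Hat CSAF VEX"
      - if: ${{ !cancelled() }}
        name: Red Hat Security Data API
        uses: ./.github/actions/update-source
        with:
          target: redhat
          client-id: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_CLIENT_ID }}
          private-key: ${{ secrets.SA_GH_VULN_LIST_UPDATE_GH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repository: ${{ env.VULN_LIST_DIR }}
          commit-message: "Red Hat Security Data API"
      # Third-party action, pinned to a full commit SHA. Unlike the pins
      # above, the matching release tag is not recorded - TODO add it as a
      # trailing comment so the pin can be audited.
      - name: Microsoft Teams Notification
        uses: Skitionek/notify-microsoft-teams@e7a2493ac87dad8aa7a62f079f295e54ff511d88
        if: failure()
        with:
          webhook_url: ${{ secrets.TRIVY_MSTEAMS_WEBHOOK }}
          needs: ${{ toJson(needs) }}
          job: ${{ toJson(job) }}
          # The `steps` context only lists steps that declare an `id`, and
          # none above does, so no step outputs are serialized here. Re-check
          # this input before giving an `id` to any step that outputs a
          # token, because the value is handed to the third-party action.
          steps: ${{ toJson(steps) }}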