spectrocloud
diff --git a/‎.github/actions/build-cached-cves/action.yaml‎
Lines changed: 46 additions & 0 deletions b/‎.github/actions/build-cached-cves/action.yaml‎
Lines changed: 46 additions & 0 deletions
diff --git a/‎.github/actions/build-cached-packs/action.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.github/actions/build-cached-packs/action.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/dependabot.yaml‎
Lines changed: 6 additions & 0 deletions b/‎.github/workflows/dependabot.yaml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎.github/workflows/nightly-docker-build.yaml‎
Lines changed: 6 additions & 0 deletions b/‎.github/workflows/nightly-docker-build.yaml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎.github/workflows/post_release.yaml‎
Lines changed: 14 additions & 0 deletions b/‎.github/workflows/post_release.yaml‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎.github/workflows/pull_request.yaml‎
Lines changed: 7 additions & 1 deletion b/‎.github/workflows/pull_request.yaml‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎.github/workflows/release-branch-pr.yaml‎
Lines changed: 6 additions & 0 deletions b/‎.github/workflows/release-branch-pr.yaml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎.github/workflows/release-preview.yaml‎
Lines changed: 6 additions & 0 deletions b/‎.github/workflows/release-preview.yaml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎.github/workflows/release.yaml‎
Lines changed: 6 additions & 0 deletions b/‎.github/workflows/release.yaml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎.github/workflows/screenshot_capture.yaml‎
Lines changed: 6 additions & 0 deletions b/‎.github/workflows/screenshot_capture.yaml‎
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,46 @@
+name: "Build with cached CVEs"
+inputs:
+  gh-token:
+    description: "GitHub Token for authentication"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install jq (JSON processor) if not found
+      run: |
+        if ! command -v jq &> /dev/null; then
+          sudo apt-get update
+          sudo apt-get install -y jq
+        else
+          echo "jq is already installed. Skipping install..."
+        fi
+      shell: bash
+
+    - name: Download CVE Data
+      run: |
+        # Find the latest CVE upload workflow.
+        run_id=$(gh run list --workflow="post_release.yaml" --limit 1 --status=success --json databaseId | jq -r '.[0].databaseId')
+        echo 'Fetching artifacts from run $run_id'
+        # Remove any downloaded artifacts, should they exist.
+        rm -rf ./downloaded_artifacts
+        # Download the latest artifact to a new dir.
+        gh run download ${run_id} --name security-bulletins --dir ./downloaded_artifacts
+      shell: bash
+      env:
+        GH_TOKEN: ${{ inputs.gh-token }}
+
+    - name: Unpack CVE data
+      run: |
+        # Ensure the correct folders exist.
+        mkdir -p .docusaurus/security-bulletins/default
+        # Move the files to their correct places in the checked out repository
+        mv downloaded_artifacts/data.json .docusaurus/security-bulletins/default/data.json
+        rm -rf downloaded_artifacts
+      shell: bash
+
+    - name: Build
+      run: |
+        rm -rf build
+        npm run build
+      shell: bash
@@ -20,7 +20,7 @@ runs:
     - name: Download Packs Data
       run: |
         # Find the latest packs upload workflow.
-        run_id=$(gh run list --workflow="post_release.yaml" --limit 1 --json databaseId | jq -r '.[0].databaseId')
+        run_id=$(gh run list --workflow="post_release.yaml" --limit 1 --status=success --json databaseId | jq -r '.[0].databaseId')
         # Remove any downloaded artifacts, should they exist.
         rm -rf ./downloaded_artifacts
         # Download the latest artifact to a new dir.
 
@@ -53,3 +53,9 @@ jobs:
         uses: ./.github/actions/build-cached-packs
         with:
           gh-token: ${{ secrets.GITHUB_TOKEN }}
+      
+      - name: Build with cached CVEs
+        if: ${{ env.BUILD_EXIT_CODE == '7' }}
+        uses: ./.github/actions/build-cached-cves
+        with:
+          gh-token: ${{ secrets.GITHUB_TOKEN }}
@@ -42,6 +42,12 @@ jobs:
         uses: ./.github/actions/build-cached-packs
         with:
           gh-token: ${{ secrets.GITHUB_TOKEN }}
+      
+      - name: Build with cached CVEs
+        if: ${{ env.BUILD_EXIT_CODE == '7' }}
+        uses: ./.github/actions/build-cached-cves
+        with:
+          gh-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
 
@@ -50,6 +50,12 @@ jobs:
         with:
           gh-token: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Build with cached CVEs
+        if: ${{ env.BUILD_EXIT_CODE == '7' }}
+        uses: ./.github/actions/build-cached-cves
+        with:
+          gh-token: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Upload Build Packs
         uses: actions/upload-artifact@v4
         with:
@@ -59,3 +65,11 @@ jobs:
             .docusaurus/packs-integrations
           if-no-files-found: error
           retention-days: 7
+
+      - name: Upload Built Security Bulletins
+        uses: actions/upload-artifact@v4
+        with:
+          name: "security-bulletins"
+          path: .docusaurus/security-bulletins/default/data.json
+          if-no-files-found: error
+          retention-days: 7
@@ -23,7 +23,7 @@ env:
   PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
   DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
   DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
-  DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}
+  DSO_AUTH_TOKEN:  ${{ secrets.DSO_AUTH_TOKEN }}
 
 jobs:
   run-ci:
@@ -104,5 +104,11 @@ jobs:
       - name: Build with cached packs
         if: ${{ env.BUILD_EXIT_CODE == '5' }}
         uses: ./.github/actions/build-cached-packs
+        with:
+          gh-token: ${{ secrets.GITHUB_TOKEN }}
+      
+      - name: Build with cached CVEs
+        if: ${{ env.BUILD_EXIT_CODE == '7' }}
+        uses: ./.github/actions/build-cached-cves
         with:
           gh-token: ${{ secrets.GITHUB_TOKEN }}
@@ -73,3 +73,9 @@ jobs:
       uses: ./.github/actions/build-cached-packs
       with:
         gh-token: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Build with cached CVEs
+      if: ${{ env.BUILD_EXIT_CODE == '7' }}
+      uses: ./.github/actions/build-cached-cves
+      with:
+        gh-token: ${{ secrets.GITHUB_TOKEN }}
@@ -70,6 +70,12 @@ jobs:
         with:
           gh-token: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Build with cached CVEs
+        if: ${{ env.BUILD_EXIT_CODE == '7' }}
+        uses: ./.github/actions/build-cached-cves
+        with:
+          gh-token: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Deploy Preview
         run: |
           aws s3 sync --cache-control 'public, max-age=604800' --exclude '*.html' --exclude build/scripts/ build/ s3://docs-latest.spectrocloud.com --delete
 
@@ -74,6 +74,12 @@ jobs:
         with:
           gh-token: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Build with cached CVEs
+        if: ${{ env.BUILD_EXIT_CODE == '7' }}
+        uses: ./.github/actions/build-cached-cves
+        with:
+          gh-token: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Upload to AWS
         run: |
           echo "CURRENT_STEP=Upload to AWS" >> $GITHUB_ENV
 
@@ -57,6 +57,12 @@ jobs:
         with:
           gh-token: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Build with cached CVEs
+        if: ${{ env.BUILD_EXIT_CODE == '7' }}
+        uses: ./.github/actions/build-cached-cves
+        with:
+          gh-token: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Upload Build
         uses: actions/upload-artifact@v4
         with: