Run Vulnerability Data Script with Parameters and Update PR

Run Vulnerability Data Script with Parameters and Update PR #9

Workflow file for this run

.github/workflows/test-vulnerabilities-data.yml at 12ab7e6

	name: Run Vulnerability Data Script with Parameters and Update PR

	on:
	workflow_dispatch:
	inputs:
	image_name:
	description: 'Docker image name to scan'
	required: true
	default: 'appsmith/appsmith-ce:release'

	jobs:
	run-and-update-pr:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3

	- name: Set up Node.js
	uses: actions/setup-node@v3
	with:
	node-version: '20'

	- name: Login to DockerHub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKER_HUB_USERNAME }}
	password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}

	- name: Install pg
	run: npm install pg

	# Run Scout vulnerability data script
	- name: Run Scout vulnerability data script
	if: always()
	env:
	DB_HOST: ${{ secrets.CYPRESS_DB_HOST }}
	DB_NAME: ${{ secrets.CYPRESS_DB_NAME }}
	DB_USER: ${{ secrets.CYPRESS_DB_USER }}
	DB_PWD: ${{ secrets.CYPRESS_DB_PWD }}
	run: \|
	chmod +x scripts/scout_vulnerabilities_data.sh
	./scripts/scout_vulnerabilities_data.sh \
	"${{ inputs.image_name }}" \
	"${{ github.event.pull_request.number }}" \
	"${{ github.event.pull_request.html_url }}" \
	"${{ github.run_id }}"

	- name: Run Trivy vulnerability data script
	if: always()
	env:
	DB_HOST: ${{ secrets.CYPRESS_DB_HOST }}
	DB_NAME: ${{ secrets.CYPRESS_DB_NAME }}
	DB_USER: ${{ secrets.CYPRESS_DB_USER }}
	DB_PWD: ${{ secrets.CYPRESS_DB_PWD }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	echo "${{ secrets.GITHUB_TOKEN }}" \| docker login ghcr.io -u "${{ github.actor }}" --password-stdin
	chmod +x scripts/trivy_vulnerabilities_data.sh
	./scripts/trivy_vulnerabilities_data.sh \
	"${{ inputs.image_name }}" \
	"${{ github.event.pull_request.number }}" \
	"${{ github.event.pull_request.html_url }}" \
	"${{ github.run_id }}"

	- name: Check for new vulnerabilities in Scout and Trivy files
	if: always()
	run: \|
	# Check if Scout vulnerabilities file is not empty
	if [ -s "scout_new_vulnerabilities.csv" ]; then
	echo "Scout vulnerabilities detected."
	cat scout_new_vulnerabilities.csv
	exit 1 # Fail the job if data exists
	fi

	# Check if Trivy vulnerabilities file is not empty
	if [ -s "trivy_new_vulnerabilities.csv" ]; then
	echo "Trivy vulnerabilities detected."
	cat trivy_new_vulnerabilities.csv
	exit 1 # Fail the job if data exists
	fi

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Run Vulnerability Data Script with Parameters and Update PR #9

Workflow file

Run Vulnerability Data Script with Parameters and Update PR #9

Jobs

Run details

Workflow file for this run