From d3986b027da724846a6e5f7c39adbf1fd226d711 Mon Sep 17 00:00:00 2001 From: Brijeshthummar02 Date: Sat, 22 Mar 2025 20:50:34 +0530 Subject: [PATCH 1/2] Update CVE checks workflow to trigger on changes in 'infra/' directory --- .github/workflows/cve_checks.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cve_checks.yml b/.github/workflows/cve_checks.yml index e979c3454..e8d13317a 100644 --- a/.github/workflows/cve_checks.yml +++ b/.github/workflows/cve_checks.yml @@ -1,9 +1,14 @@ name: "Infra: CVE checks" + on: pull_request: types: [ "opened", "reopened", "synchronize" ] + paths: + - 'infra/**' # Run only when files in 'infra/' change push: branches: [ "main" ] + paths: + - 'infra/**' workflow_dispatch: schedule: # * is a special character in YAML so you have to quote this string @@ -76,7 +81,7 @@ jobs: notify: needs: check-cves - if: ${{ always() && needs.build-and-test.result == 'failure' && github.event_name == 'schedule' }} + if: ${{ always() && needs.check-cves.result == 'failure' && github.event_name == 'schedule' }} uses: ./.github/workflows/infra_discord_hook.yml with: message: "Attention! CVE checks run failed! Please fix them CVEs :(" From 1ae362afac0841d7c3133d59278ec0440a834264 Mon Sep 17 00:00:00 2001 From: Brijeshthummar02 Date: Sat, 29 Mar 2025 13:51:44 +0530 Subject: [PATCH 2/2] Update CVE checks workflow to monitor additional directories and files --- .github/workflows/cve_checks.yml | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/.github/workflows/cve_checks.yml b/.github/workflows/cve_checks.yml index e8d13317a..d5937a3ca 100644 --- a/.github/workflows/cve_checks.yml +++ b/.github/workflows/cve_checks.yml 
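Review bot: The `paths` lists added under `pull_request` and `push` do not include the workflow file itself, so a change that touches only `.github/workflows/cve_checks.yml` never runs the scan it modifies. The same gap is in the two lists in the first hunk of PATCH 2/2. Adding `- '.github/workflows/cve_checks.yml'` to both lists closes it. GitHub leaves the checks of a path-skipped workflow pending, so if this scan is a required status check, pull requests outside the listed paths would be blocked from merging; the branch protection settings are not visible here, so that needs confirming.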
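Review bot: The corrected `if` on `notify` alerts only when `needs.check-cves.result == 'failure'`, so a scheduled run whose `check-cves` job ends as `cancelled` sends nothing and a missed monthly scan goes unnoticed. If that case should alert too, widen the test to `(needs.check-cves.result == 'failure' || needs.check-cves.result == 'cancelled')`. A comment above the condition would also help the next editor, for example `# always() is required: without it this job is skipped when check-cves fails`. The `notify` job continues past the end of the hunk.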
@@ -1,24 +1,33 @@ name: "Infra: CVE checks" - on: pull_request: types: [ "opened", "reopened", "synchronize" ] paths: - - 'infra/**' # Run only when files in 'infra/' change + - 'backend/**' + - 'frontend/**' + - 'api/**' + - 'gradle/**' + - 'Dockerfile' + - 'build.gradle' + - 'settings.gradle' push: branches: [ "main" ] paths: - - 'infra/**' + - 'backend/**' + - 'frontend/**' + - 'api/**' + - 'gradle/**' + - 'Dockerfile' + - 'build.gradle' + - 'settings.gradle' workflow_dispatch: schedule: - # * is a special character in YAML so you have to quote this string - cron: '0 8 15 * *' permissions: contents: read jobs: - check-cves: runs-on: ubuntu-latest @@ -73,7 +82,7 @@ jobs: cache-to: type=local,dest=/tmp/.buildx-cache - name: Run CVE checks - uses: aquasecurity/trivy-action@0.29.0 + uses: aquasecurity/trivy-action@v0.29.0 with: image-ref: "ghcr.io/kafbat/kafka-ui:latest" format: "table"
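Review bot: The entries `'Dockerfile'`, `'build.gradle'` and `'settings.gradle'` match only files at the repository root, so a Dockerfile or Gradle build file in a directory that is not otherwise listed could change the scanned image without triggering the scan. Whether such files exist cannot be seen from this hunk; if they do, `'**/Dockerfile'` and `'**/*.gradle'` would cover them. The two seven-entry lists are identical and have to be kept in sync by hand, so a comment above each, such as `# keep in sync with the push/pull_request paths list`, would reduce the chance of them drifting apart. The `check-cves` job continues past the end of the hunk.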
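Review bot: The new ref `aquasecurity/trivy-action@v0.29.0` is still a mutable tag, and the line it replaces named the release `0.29.0` without the `v`, so confirm that a `v0.29.0` tag exists upstream before merging. If it does not, the ref will not resolve and the job fails at setup, which means no scan runs at all. For a third-party action that executes inside the security scan, pinning to the full commit SHA is the safer form: `uses: aquasecurity/trivy-action@<full-commit-sha-of-the-0.29.0-release> # 0.29.0`, with the SHA taken from the upstream release. The step's `with:` block continues past the end of the hunk.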