List of Google Cloud Platform (GCP) Permissions required to run Trivy for kubernetes security scanning #357
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Auto-close issues | |
| on: | |
| issues: | |
| types: [opened] | |
| jobs: | |
| close_issue: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Close issue if user does not have write or admin permissions | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| // Get the issue creator's username | |
| const issueCreator = context.payload.issue.user.login; | |
| // Check the user's permissions for the repository | |
| const repoPermissions = await github.rest.repos.getCollaboratorPermissionLevel({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| username: issueCreator | |
| }); | |
| const permission = repoPermissions.data.permission; | |
| // If the user does not have write or admin permissions, leave a comment and close the issue | |
| if (permission !== 'write' && permission !== 'admin') { | |
| const commentBody = "Please see https://aquasecurity.github.io/trivy/latest/community/contribute/issue/"; | |
| await github.rest.issues.createComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.payload.issue.number, | |
| body: commentBody | |
| }); | |
| await github.rest.issues.update({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.payload.issue.number, | |
| state: 'closed', | |
| state_reason: 'not_planned' | |
| }); | |
| console.log(`Issue #${context.payload.issue.number} closed because ${issueCreator} does not have sufficient permissions.`); | |
| } |