Don't skip steps. #5

Workflow file for this run

.github/workflows/nightly-vuln-scanning.yml at d0998ca

	name: Run nightly vulnerability check

	on:
	push:
	branches:
	- container-vuln-scanner
	schedule:
	- cron: '0 0 * * *'

	# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
	env:
	REGISTRY: ghcr.io
	IMAGE_NAME: ${{ github.repository }}

	# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
	jobs:
	container-vuln-scan:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v2
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/[email protected]
	with:
	image-ref: 'ghcr.io/pulibrary/dpul-collections:main'
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	output: 'vulnerabilities.table'
	- name: Set variables
	id: scanner
	run: echo "results=$(cat vulnerabilities.table)" >> $GITHUB_OUTPUT
	if: always()
	- name: Output variable
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	WORKFLOW_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
	SCANNER_OUTPUTS: ${{ steps.scanner.outputs.results }}
	if: always()
	run: echo "${{ env.SCANNER_OUTPUTS }}"
	- name: Create issue
	if: failure()
	uses: JasonEtco/create-an-issue@v2
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	WORKFLOW_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
	SCANNER_OUTPUTS: ${{ steps.scanner.outputs.results }}
	with:
	filename: .github/failed-vuln-check.md
	update_existing: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Don't skip steps. #5

Workflow file

Don't skip steps. #5

Jobs

Run details

Workflow file for this run