Also do a non-required to merge vuln scan on PRs.

pulibrary · Jul 24, 2024 · 18944da · 18944da
1 parent 414da64
commit 18944da
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/.github/workflows/nightly-vuln-scanning.yml b/.github/workflows/nightly-vuln-scanning.yml
@@ -3,6 +3,9 @@ name: Run nightly vulnerability check
 on:
   schedule:
     - cron: '0 0 * * *'
+  pull_request:
+    branches:
+      - main
 
 # Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
 env:
@@ -19,15 +22,15 @@ jobs:
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/[email protected]
         id: runscanner
-        continue-on-error: true
+        continue-on-error: ${{ github.event_name != 'pull_request' }}
         with:
           image-ref: 'ghcr.io/pulibrary/dpul-collections:main'
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
-          output: 'vulnerabilities.table'
+          output: ${{ github.event_name != 'pull_request' && 'vulnerabilities.table' || null }}
       - name: Set variables
         id: scanner
         run: |
@@ -42,7 +45,7 @@ jobs:
           SCANNER_OUTPUTS: ${{ steps.scanner.outputs.results }}
         run: echo "${{ env.SCANNER_OUTPUTS }}"
       - name: Create issue
-        if: job.steps.runscanner.status == failure()
+        if: job.steps.runscanner.status == failure() && github.event_name != 'pull_request'
         uses: JasonEtco/create-an-issue@v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}