run trivy on release branch (#1068)

zLukas · web-flow · commit d1b247f17ae0 · 2025-02-10T09:35:39.000+01:00
extend trivy scan to release branch:
* add schedule to run every day at 11 p.m on release branch
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -3,6 +3,7 @@ name: Trivy
 on:
   schedule:
     - cron: "0 0 * * *"
+    - cron: "0 23 * * *"
   pull_request:
     branches:
       - main
@@ -34,10 +35,23 @@ jobs:
         security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
     steps:
       - name: Checkout code
+        if: github.event_name == 'schedule' && github.event.schedule == '0 23 * * '
+        uses: actions/checkout@v2
+        with:
+          ref: maint-25.02 # tmp branch
+      - name: Checkout code
+        if: github.event_name == 'schedule' && github.event.schedule == '0 0 * * '
+        uses: actions/checkout@v2
+        with:
+          ref: main
+
+      - name: Checkout code
+        if: github.event_name != 'schedule'
         uses: actions/checkout@v2
         with:
           ref: ${{ inputs.branch }}
 
+
       - name: Run Trivy vulnerability scanner with sarif output
         uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
         with:
