add cve check workflow

nasirky · nasirky · commit deb309c15291 · 2025-10-06T18:24:11.000+02:00
diff --git a/.github/workflows/soup-cve-check-workflow.yml b/.github/workflows/soup-cve-check-workflow.yml
@@ -0,0 +1,33 @@
+name: SOUP - CVE Check
+on:
+  workflow_dispatch:
+    inputs:
+      type:
+        description: 'Type of package manager'
+        required: true
+        type: choice
+        options: ['Pub', 'npm']
+      package:
+        description: 'Name of the package'
+        required: true
+        type: string
+      version: 
+        description: 'Version of the package to include'
+        required: true
+        type: string
+
+jobs:
+  check-cves:
+    env:
+      GH_API_TOKEN: ${{ secrets.GH_API_TOKEN }}
+    runs-on: [self-hosted, Linux]
+    steps:
+      - uses: QuickBirdEng/actions/checkout-ssh@main
+        with:
+          ssh-private-key: ${{ secrets.CI_SSH_PRIVATE_KEY_FOR_GITHUB_PRIVATE_REPOS }}
+      - name: JQ Version
+        shell: bash
+        run: jq --version
+      - name: Check CVE
+        shell: bash
+        run: bash cve-check.sh "${{ inputs.type }}" "${{ inputs.package }}" "${{ inputs.version }}" false
