Update github/codeql-action requirement to 7b0fb5a4ac3b38ee6ee9a3ab6ffe59c27e9c4d3b #539

Workflow file for this run

.github/workflows/cve_checks.yml at 4d225a9

	name: "Infra: CVE checks"
	on:
	pull_request:
	types: [ "opened", "reopened", "synchronize" ]
	push:
	branches: [ "main" ]
	workflow_dispatch:
	schedule:
	# * is a special character in YAML so you have to quote this string
	- cron: '0 8 15 * *'

	permissions:
	contents: read

	jobs:

	check-cves:
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4
	with:
	token: ${{ github.token }}

	- name: Set up JDK
	uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # infered from @v4
	with:
	java-version: '21'
	distribution: 'zulu'
	cache: 'gradle'

	- name: Build project
	id: build
	run: \|
	./gradlew clean build \
	-x test \
	-Pbuild-docker-images=true \
	-Pinclude-frontend=true \
	-Pversion=latest

	- name: Set up QEMU
	uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # infered from @v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # infered from @v3

	- name: Cache Docker layers
	uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # infered from @v4
	with:
	path: /tmp/.buildx-cache
	key: ${{ runner.os }}-buildx-${{ github.sha }}
	restore-keys: \|
	${{ runner.os }}-buildx-

	- name: Build docker image
	uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # infered from @v6
	with:
	builder: ${{ steps.buildx.outputs.name }}
	context: api
	platforms: linux/amd64
	push: false
	load: true
	tags: \|
	ghcr.io/kafbat/kafka-ui:latest
	build-args: \|
	JAR_FILE=build/libs/api-latest.jar
	cache-from: type=local,src=/tmp/.buildx-cache
	cache-to: type=local,dest=/tmp/.buildx-cache

	- name: Run CVE checks
	uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # infered from @v0.29.0
	with:
	image-ref: "ghcr.io/kafbat/kafka-ui:latest"
	format: "table"
	exit-code: "1"

	notify:
	needs: check-cves
	if: ${{ always() && needs.build-and-test.result == 'failure' && github.event_name == 'schedule' }}
	uses: ./.github/workflows/infra_discord_hook.yml
	with:
	message: "Attention! CVE checks run failed! Please fix them CVEs :("
	secrets:
	DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL_CVE }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Update github/codeql-action requirement to 7b0fb5a4ac3b38ee6ee9a3ab6ffe59c27e9c4d3b #539

Workflow file

Update github/codeql-action requirement to 7b0fb5a4ac3b38ee6ee9a3ab6ffe59c27e9c4d3b #539

Uh oh!

Jobs

Run details

Workflow file for this run