Skip to content

Commit 9e717a9

Browse files
sjpbsjpb
committed
swap no-scan logic for nightlybuild to branch, not event
1 parent e662e28 commit 9e717a9

File tree

1 file changed

+11
-11
lines changed

1 file changed

+11
-11
lines changed

.github/workflows/nightlybuild.yml

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# NB: When run via workflow_dispatch, image scanning and distribution to other clouds does not happen
1+
# NB: When run in a non-main branch (via workflow_dispatch), image scanning and distribution to other clouds does not happen
22
# on the basis that in this case a fatimage must be built and will be scanned.
33
name: Build nightly image
44
on:
@@ -108,7 +108,7 @@ jobs:
108108
echo "image-id=$IMAGE_ID" >> "$GITHUB_OUTPUT"
109109
110110
- name: Download image
111-
if: github.event_name == 'schedule'
111+
if: github.ref_name == 'main'
112112
run: |
113113
. venv/bin/activate
114114
sudo mkdir /mnt/images
@@ -117,23 +117,23 @@ jobs:
117117
openstack image save --file /mnt/images/${{ steps.manifest.outputs.image-name }}.qcow2 ${{ steps.manifest.outputs.image-id }}
118118
119119
- name: Set up QEMU
120-
if: github.event_name == 'schedule'
120+
if: github.ref_name == 'main'
121121
uses: docker/setup-qemu-action@v3
122122

123123
- name: Install libguestfs
124124
run: |
125125
sudo apt -y update
126126
sudo apt -y install libguestfs-tools
127-
if: github.event_name == 'schedule'
127+
if: github.ref_name == 'main'
128128

129129
- name: Mount image
130-
if: github.event_name == 'schedule'
130+
if: github.ref_name == 'main'
131131
run: |
132132
sudo mkdir -p './${{ steps.manifest.outputs.image-name }}'
133133
sudo guestmount -a /mnt/images/${{ steps.manifest.outputs.image-name }}.qcow2 -i --ro -o allow_other './${{ steps.manifest.outputs.image-name }}'
134134
135135
- name: Run Trivy vulnerability scanner
136-
if: github.event_name == 'schedule'
136+
if: github.ref_name == 'main'
137137
uses: aquasecurity/[email protected]
138138
with:
139139
scan-type: fs
@@ -146,14 +146,14 @@ jobs:
146146
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
147147

148148
- name: Upload Trivy scan results to GitHub Security tab
149-
if: github.event_name == 'schedule'
149+
if: github.ref_name == 'main'
150150
uses: github/codeql-action/upload-sarif@v3
151151
with:
152152
sarif_file: "${{ steps.manifest.outputs.image-name }}.sarif"
153153
category: "${{ matrix.build.label }}"
154154

155155
- name: Fail if scan has CRITICAL vulnerabilities
156-
if: github.event_name == 'schedule'
156+
if: github.ref_name == 'main'
157157
uses: aquasecurity/[email protected]
158158
with:
159159
scan-type: fs
@@ -168,14 +168,14 @@ jobs:
168168

169169

170170
- name: Delete new image if Trivy scan fails
171-
if: github.event_name == 'schedule' && failure() && steps.packer_build.outcome == 'success' # Runs if the Trivy scan found crit vulnerabilities or failed
171+
if: github.ref_name == 'main' && failure() && steps.packer_build.outcome == 'success' # Runs if the Trivy scan found crit vulnerabilities or failed
172172
run: |
173173
. venv/bin/activate
174174
echo "Deleting new image due to critical vulnerabilities or scan failure ..."
175175
openstack image delete "${{ steps.manifest.outputs.image-id }}"
176176
177177
- name: Delete old image
178-
if: github.event_name == 'schedule'
178+
if: github.ref_name == 'main'
179179
run: |
180180
. venv/bin/activate
181181
IMAGE_COUNT=$(openstack image list --name ${{ steps.manifest.outputs.image-name }} -f value -c ID | wc -l)
@@ -190,7 +190,7 @@ jobs:
190190
upload:
191191
name: upload-nightly-targets
192192
needs: build
193-
if: github.event_name == 'schedule'
193+
if: github.ref_name == 'main'
194194
concurrency:
195195
group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.builds.label }}-${{ matrix.target_cloud }}
196196
cancel-in-progress: true

0 commit comments

Comments
 (0)