Skip to content

Routine vulnerability scan #27

Routine vulnerability scan

Routine vulnerability scan #27

Workflow file for this run

name: CI
run-name: ${{ github.event.schedule && 'Routine vulnerability scan' || 'Continuous Integration' }}
on:
push:
pull_request:
schedule:
- cron: "30 12 * * *" # runs everyday at 12h30
env:
PUBLISH_IMAGE: ${{ (github.ref_name == 'main' || github.ref_type == 'tag') && 'TRUE' || 'FALSE'}}
IMAGE_TAG: ${{ github.ref_name == 'main' && 'latest' || github.ref_name }}
IMAGE_NAME: ghcr.io/${{ github.repository }}/arpav-ppcv-backend
jobs:
run-dagger-ci:
runs-on: ubuntu-22.04
steps:
- name: grab code
uses: actions/checkout@v4
- name: setup Python
uses: actions/setup-python@v5
with:
python-version: '3.10'
cache: pip
cache-dependency-path: docker/backend/project_requirements.txt
- name: install dagger for python
uses: insightsengineering/pip-action@v2
with:
packages: dagger-io==0.9.8
- name: login to container registry
if: ${{ env.PUBLISH_IMAGE == 'TRUE' }}
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: run ci
uses: dagger/dagger-for-github@v5
with:
verb: run
args: >-
python tests/ci/main.py
--with-tests
${{ env.PUBLISH_IMAGE == 'TRUE' && format('--publish-docker-image {0}:{1}', env.IMAGE_NAME, env.IMAGE_TAG) || ''}}
version: 0.9.9
# Periodically scan built image for vulnerabilities
- name: run security scanning
if: ${{ github.event.schedule }}
uses: dagger/dagger-for-github@v5
with:
verb: run
args: python tests/ci/main.py --with-security-scan
version: 0.9.9