Skip to content

Scan Kodex

Scan Kodex #759

Workflow file for this run

name: Scan Kodex
on:
workflow_dispatch:
inputs:
logLevel:
description: 'Log level'
required: true
default: INFO
tag:
description: 'CLI image tag'
required: true
default: latest
schedule:
- cron: '0 0 * * *'
env:
MONGO_STRING: ${{ secrets.MONGO_STRING }}
MONGO_DATABASE: ${{ secrets.MONGO_DATABASE }}
REGISTRY: ghcr.io
IMAGE: ${{ github.repository }}/kodex/cli
TAG: ${{ github.event.inputs.tag }}
LOG_LEVEL: ${{ github.event.inputs.logLevel }}
permissions:
packages: read
jobs:
scan:
runs-on: ubuntu-latest
environment: kodex
strategy:
max-parallel: 50
matrix:
repository:
- 'mavenCentral'
options:
# com/
- '--root=com/ --exclude-letters'
- '--root=com/ --include=github/'
- '--root=com/ --include=google/'
- '--root=com/ --from=a --to=h --exclude=github/ --exclude=google/'
- '--root=com/ --from=i --to=q'
- '--root=com/ --from=q --to=z'
# org/
- '--root=org/ --exclude-letters'
- '--root=org/ --include=webjars/'
- '--root=org/ --include=netbeans/'
- '--root=org/ --from=a --to=h'
- '--root=org/ --from=i --to=q --exclude=netbeans/'
- '--root=org/ --from=q --to=z --exclude=webjars/'
# io/
- '--root=io/ --exclude-letters'
- '--root=io/ --include=github/'
- '--root=io/ --from=a --to=h --exclude=github/'
- '--root=io/ --from=i --to=q'
- '--root=io/ --from=q --to=z'
# Rest
- '--exclude-letters'
- '--include=a'
- '--include=b'
- '--include=c --exclude=com/'
- '--include=d'
- '--include=e'
- '--include=f'
- '--include=g'
- '--include=h'
- '--include=i --exclude=io/'
- '--include=j'
- '--include=k'
- '--include=l'
- '--include=m'
- '--include=n'
- '--include=o --exclude=org/'
- '--include=p'
- '--include=q'
- '--include=r'
- '--include=s'
- '--include=t'
- '--include=u'
- '--include=v'
- '--include=w'
- '--include=x'
- '--include=y'
- '--include=z'
steps:
- name: Login to ${{ env.REGISTRY }}
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Scan ${{ matrix.repository }} ${{ matrix.options }}
run: |
docker run -a stderr -a stdout \
-e="LOG_LEVEL=${LOG_LEVEL:-INFO}" \
-e="MONGO_STRING" \
-e="MONGO_DATABASE" \
"${{ env.REGISTRY }}/${{ env.IMAGE }}:${TAG:-latest}" scan ${{ matrix.repository }} ${{ matrix.options }}
capture:
needs: [ scan ]
runs-on: ubuntu-latest
environment: kodex
if: always()
steps:
- name: Login to ${{ env.REGISTRY }}
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Capture the statistics
run: |
docker run -a=stderr -a=stdout --pull=always \
-e="LOG_LEVEL=${LOG_LEVEL:-INFO}" \
-e="MONGO_STRING" \
-e="MONGO_DATABASE" \
"${{ env.REGISTRY }}/${{ env.IMAGE }}:${TAG:-latest}" capture