-
Notifications
You must be signed in to change notification settings - Fork 149
43 lines (37 loc) · 1.89 KB
/
security-audit.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# This is a security audit workflow that runs security audit checks and send an email in case any vulnerabilities are detected.
name: Security Audit
on:
schedule:
- cron: '0 0 * * *' #runs daily at 12:00 am UTC
jobs:
security_audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run security audit check
id: cargo-audit
if: github.repository == 'project-akri/akri' # only run on main repo and not forks
continue-on-error: true
uses: rustsec/audit-check@v1.4.1
with:
# token is only used for creating the audit report and does not impact the
# functionality or success/failure of the job in case the token is unavailable
token: ${{ secrets.GITHUB_TOKEN }}
# sends an email if security audit failed
- name: Send mail
if: steps.cargo-audit.outcome != 'success' && github.repository == 'project-akri/akri' # only run on main repo and not forks
uses: dawidd6/action-send-mail@v3
with:
server_address: smtp-mail.outlook.com
server_port: 587
username: ${{secrets.AKRI_BOT_EMAIL}}
password: ${{secrets.AKRI_BOT_PASSWORD}}
subject: "Security vulnerability detected in ${{github.repository}}"
body: |-
A security vulnerability was detected in one or more of Akri's dependencies. For more details, check the output of the [security audit workflow](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}})
Hint: In most cases, running the [auto-update dependencies](https://github.com/project-akri/akri/actions/workflows/auto-update-dependencies.yml) workflow will fix the issue.
-Your friendly Akri bot 🤖
to: ${{secrets.AKRI_TEAM_EMAIL}}
from: ${{secrets.AKRI_BOT_EMAIL}}
content_type: text/html
convert_markdown: true