FIX: trivy fails on scheduled jobs (OpenVisualCloud#1081)

* fix schedule cron condition syntax * update other jobs
DawidWesierski4 · Feb 12, 2025 · e1f2545 · e1f2545
1 parent 9a82762
commit e1f2545
Showing 1 changed file with 61 additions and 4 deletions.
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -35,13 +35,13 @@ jobs:
         security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
     steps:
       - name: Checkout code
-        if: github.event_name == 'schedule' && github.event.schedule == '0 23 * * '
-        uses: actions/checkout@v2
+        if: github.event_name == 'schedule' && github.event.schedule == '0 23 * * *'
+        uses: actions/checkout@v4
         with:
           ref: maint-25.02 # tmp branch
       - name: Checkout code
-        if: github.event_name == 'schedule' && github.event.schedule == '0 0 * * '
-        uses: actions/checkout@v2
+        if: github.event_name == 'schedule' && github.event.schedule == '0 0 * * *'
+        uses: actions/checkout@v4
         with:
           ref: main
 
@@ -67,12 +67,69 @@ jobs:
         with:
           sarif_file: Trivy-dockerfile.sarif
 
+<<<<<<< HEAD
+=======
+  triv-security-tab-manager:
+    name: manager sarif output scan
+    runs-on: ubuntu-22.04
+    permissions:
+        security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
+    steps:
+      - name: Checkout code
+        if: github.event_name == 'schedule' && github.event.schedule == '0 23 * * *'
+        uses: actions/checkout@v4
+        with:
+          ref: maint-25.02 # tmp branch
+      - name: Checkout code
+        if: github.event_name == 'schedule' && github.event.schedule == '0 0 * * *'
+        uses: actions/checkout@v4
+        with:
+          ref: main
+
+      - name: Checkout code
+        if: github.event_name != 'schedule'
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.branch }}
+
+      - name: Run Trivy vulnerability scanner with sarif output
+        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
+        with:
+          scan-type: config
+          scan-ref: ./manager
+          format: sarif
+          exit-code: 0
+          vuln-type: os,library
+          output: Trivy-manager-dockerfile.sarif
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+        with:
+          sarif_file: Trivy-manager-dockerfile.sarif
+
+>>>>>>> bab2045c (FIX: trivy fails on scheduled jobs (#1081))
   trivy-stdout:
     name: table output scan
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout code
+<<<<<<< HEAD
         uses: actions/checkout@v2
+=======
+        if: github.event_name == 'schedule' && github.event.schedule == '0 23 * * *'
+        uses: actions/checkout@v4
+        with:
+          ref: maint-25.02 # tmp branch
+      - name: Checkout code
+        if: github.event_name == 'schedule' && github.event.schedule == '0 0 * * *'
+        uses: actions/checkout@v4
+        with:
+          ref: main
+
+      - name: Checkout code
+        if: github.event_name != 'schedule'
+        uses: actions/checkout@v4
+>>>>>>> bab2045c (FIX: trivy fails on scheduled jobs (#1081))
         with:
           ref: ${{ inputs.branch }}