build(security): add nightly run of govulncheck with continue-on-erro…

…r: false
kanisterio · Mar 27, 2024 · 21df581 · 21df581
1 parent 510494c
commit 21df581
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/.github/workflows/dependendy-review.yml b/.github/workflows/dependendy-review.yml
@@ -5,7 +5,12 @@
 # Source repository: https://github.com/actions/dependency-review-action
 # Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
 name: 'Dependency Review'
-on: [pull_request]
+on:
+  ## Nightly
+  schedule:
+    - cron: '0 0 * * *'
+  pull_request:
+
 
 permissions:
   contents: read
@@ -21,7 +26,7 @@ jobs:
       - id: govulncheck
         name: 'Govulncheck'
         uses: golang/govulncheck-action@3a32958c2706f7048305d5a2e53633d7e37e97d0 # v1.0.2
-        continue-on-error: true
+        continue-on-error: ${{ github.event_name == 'pull_request' }}
         with:
           repo-checkout: false
           cache: false