build(security): add nightly run of govulncheck with continue-on-error: false
#2792
Conversation
There was a problem hiding this comment.
This seem to be overloading the 'dependency review' workflow.
The dependency review workflow is meant to be run on PRs. AFAIK, it only makes sense to run actions/dependency-review-action in PRs, or anything that results in changing the dependencies, but a PR workflow would be the gate for that.
It may make sense to split this into 2 separate workflows in either of the following ways (there may be others)
- [probably preferred] Either have a separate workflow for the nightly job that only runs
govulnand have the name of the workflow reflect that is a nightly. - Or maybe include
govulnin one of the existing periodic/nightly workflows. - Alternatively, have a separate workflow for govuln only, that runs both on PRs and nightly as well.
hairyhum
force-pushed
the
nightly-govulncheck
branch
from
21df581
to
054194c
Compare
Right. This makes more sense. Moved govulncheck to a separate workflow. |
.github/workflows/govulncheck.yaml
Outdated
| continue-on-error: ${{ github.event_name == 'pull_request' }} | ||
| with: | ||
| repo-checkout: false | ||
| cache: false |
There was a problem hiding this comment.
nit: add a newline
| cache: false | |
| cache: false | |
.github/workflows/govulncheck.yaml
Outdated
| on: | ||
| ## Nightly | ||
| schedule: | ||
| - cron: '0 0 * * *' |
There was a problem hiding this comment.
This is UTC IIUC.
It may be a good idea to add some fudge factor here. It does not necessarily need to run exactly at midnight UTC.
There was a problem hiding this comment.
It can be anything. 00:00 UTC is as good a time as any. But I can change it to 1:42 if you want.
hairyhum
force-pushed
the
nightly-govulncheck
branch
from
054194c
to
e689170
Compare
Change Overview
Add nightly trigger to govulncheck
Pull request type
Please check the type of change your PR introduces:
Issues
Test Plan
Make sure action run on PR has continue-on-error: true
Check action run nightly after merge