Rumble Vulnerability Data #290

Workflow file for this run

.github/workflows/rumble-vulnerability-data.yaml at c165b73

	name: Rumble Vulnerability Data
	on:
	schedule:
	- cron: "1 5 * * *"
	workflow_dispatch:
	push:
	branches: [rumble-insights]

	env:
	PROJECT_ID: "${{ secrets.PROJECT_ID }}"
	WORKLOAD_IDENTITY_PROVIDER: "${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}"
	SERVICE_ACCOUNT: "${{ secrets.GH_ACTION_SERVICE_ACCOUNT }}"
	GH_TOKEN: ${{ github.token }}

	defaults:
	run:
	shell: bash
	working-directory: ./tools/rumble

	jobs:
	generate-csvs-and-json:
	runs-on: ubuntu-latest

	permissions:
	contents: read
	id-token: write # federate with GCP

	steps:
	- name: 'Github Actions Runner'
	uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
	with:
	egress-policy: audit

	- name: 'Checkout default branch to $GITHUB_WORKSPACE dir'
	uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3

	- name: Set up Go
	uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # actions/setup-go@v4
	with:
	go-version: '^1.21.0'

	- name: Authenticate to Google Cloud
	id: auth
	uses: google-github-actions/auth@ceee102ec2387dd9e844e01b530ccd4ec87ce955 # v0
	with:
	token_format: 'access_token'
	project_id: "${{ env.PROJECT_ID }}"
	workload_identity_provider: "${{ env.WORKLOAD_IDENTITY_PROVIDER }}"
	service_account: "${{ env.SERVICE_ACCOUNT }}"

	- name: Generate vulnerability JSON files
	run: \|
	go run main.go vulns \
	--project prod-images-c6e5 \
	--db insights_ds \
	--gcs-project chainguard-academy \
	--bucket chainguard-academy \
	--upload

	- name: Generate image comparison CSVs
	run: \|
	go run main.go image-csv \
	--project prod-images-c6e5 \
	--db insights_ds \
	--gcs-project chainguard-academy \
	--bucket chainguard-academy \
	--rumble-json-path ../../data/rumble.json \
	--upload

	- name: Generate legacy comparison CSV
	run: \|
	go run main.go legacy-csv \
	--project prod-images-c6e5 \
	--db insights_ds \
	--gcs-project chainguard-academy \
	--bucket chainguard-academy \
	--upload

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Rumble Vulnerability Data #290

Workflow file

Rumble Vulnerability Data #290

Jobs

Run details

Workflow file for this run