add shared action to export advisories in the osv format #50

Merged
merged 1 commit into from Mar 26, 2024
76 changes: 76 additions & 0 deletions build-and-publish-osv/action.yaml
@@ -0,0 +1,76 @@
---
name: 'build-and-publish-osv'
description: |
Build and publish advisories in the OSV format.
inputs:
workload_identity_provider:
description: |
GCO Workload Identity.
required: true
default: ''
service_account:
description: |
GCP service account.
required: true
default: ''
gcp_project_id:
description: |
GCP project id.
required: true
default: ''
wolfictl_args:
description: |
Wolfictl args to run the advisory secdb.
required: true
default: ''
gcs_apk_bucket_name:
description: |
GCS bucket to store the security.json.
required: true
default: ''
gcs_apk_directory_name:
description: |
Directory to store the security.json.
required: false
default: ''
enable_acl_public_read:
description: |
Enable acl public read (set '--canned-acl=publicRead').
required: false
default: ''

runs:
using: "composite"
steps:
- id: auth
name: 'Authenticate to Google Cloud'
uses: google-github-actions/auth@v2
with:
workload_identity_provider: ${{ inputs.workload_identity_provider }}
service_account: ${{ inputs.service_account }}

- uses: google-github-actions/setup-gcloud@v2
with:
project_id: ${{ inputs.gcp_project_id }}

- name: 'Check that GCloud is properly configured'
run: |
gcloud info
gcloud --quiet alpha storage ls 1> /dev/null
shell: bash

- name: Build the security database
uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:1caf04b3d018df12829bdeec93fb1fcc320131d87787de6995847ad1e7aaa77e
with:
entrypoint: wolfictl
args: advisory export --format osv -o osv.yaml ${{ inputs.wolfictl_args }}

- name: 'Upload the security database to a bucket'
run: |
# Don't cache the security.json.
gcloud --quiet alpha storage cp \
${{ inputs.enable_acl_public_read }} --cache-control=no-store \
./osv.yaml \
gs://${{ inputs.gcs_apk_bucket_name }}/${{ inputs.gcs_apk_directory_name}}/
shell: bash
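Review bot: the upload step interpolates action inputs straight into a `run:` shell script (`${{ inputs.enable_acl_public_read }}`, `${{ inputs.gcs_apk_bucket_name }}`, `${{ inputs.gcs_apk_directory_name}}`), which is the GitHub Actions script-injection pattern: whatever string a caller passes is spliced into the bash command line before it is parsed, so a value containing spaces or shell metacharacters is executed rather than treated as data. Pass the inputs through `env:` and reference them as quoted shell variables (for example `"$GCS_BUCKET"`), and since `enable_acl_public_read` is documented as a single flag (`--canned-acl=publicRead`), consider making it a boolean input that the step maps to that fixed flag instead of accepting free text. Two smaller points in the same file: `required: true` paired with `default: ''` means a missing input silently becomes an empty string (GitHub does not fail the job on a missing required input), so an explicit non-empty check before the `gcloud` call would surface misconfiguration early, and with `gcs_apk_directory_name` empty the destination becomes `gs://<bucket>//`; finally, the description lines "GCS bucket to store the security.json." and the comment "Don't cache the security.json." refer to a file the step never produces, the exported artifact is `osv.yaml`, and "GCO Workload Identity." should read "GCP".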