fix: model sdk e2e tests #17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR Trivy Scan - Python | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| branches: | |
| - "main" | |
| merge_group: | |
| types: | |
| - checks_requested | |
| env: | |
| GH_SEC_REPORT: false | |
| TRIVY_SEVERITY: "HIGH,CRITICAL" | |
| TRIVY_REPORT_FILE: "trivy-scan-result" | |
| jobs: | |
| javelin-trivy-scan: | |
| permissions: | |
| contents: 'read' | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: true | |
| - name: Trivy Scan - GitHub Security Report | |
| if: ${{ env.GH_SEC_REPORT == 'true' }} | |
| uses: aquasecurity/[email protected] | |
| with: | |
| ignore-unfixed: true | |
| scan-type: "fs" | |
| cache: "true" | |
| format: "sarif" | |
| output: "${{ env.TRIVY_REPORT_FILE }}.sarif" | |
| severity: "${{ env.TRIVY_SEVERITY }}" | |
| - name: Upload Report - GitHub Security Report | |
| if: ${{ env.GH_SEC_REPORT == 'true' }} | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: "${{ env.TRIVY_REPORT_FILE }}.sarif" | |
| - name: Trivy Scan - Text Security Report | |
| if: ${{ env.GH_SEC_REPORT == 'false' }} | |
| uses: aquasecurity/[email protected] | |
| with: | |
| ignore-unfixed: true | |
| scan-type: "fs" | |
| cache: "true" | |
| format: "table" | |
| output: "${{ env.TRIVY_REPORT_FILE }}.txt" | |
| severity: "${{ env.TRIVY_SEVERITY }}" | |
| - name: Report Check - Text Security Report | |
| if: ${{ env.GH_SEC_REPORT == 'false' }} | |
| id: report_check | |
| shell: bash | |
| run: |- | |
| if [[ -s ${{ env.TRIVY_REPORT_FILE }}.txt ]] ; then | |
| echo "report_file=available" >> ${GITHUB_OUTPUT} | |
| else | |
| echo "report_file=unavailable" >> ${GITHUB_OUTPUT} | |
| fi | |
| cat ${{ env.TRIVY_REPORT_FILE }}.txt | |
| - name: Upload Report - Text Security Report | |
| if: ${{ env.GH_SEC_REPORT == 'false' && steps.report_check.outputs.report_file == 'available' }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: "${{ env.TRIVY_REPORT_FILE }}" | |
| path: "${{ env.TRIVY_REPORT_FILE }}.txt" | |
| if-no-files-found: error | |
| retention-days: 1 | |
| - name: Failing the Job | |
| if: ${{ steps.report_check.outputs.report_file == 'available' }} | |
| shell: bash | |
| run: |- | |
| echo "Vulnerabilities Found.....!" | |
| exit 1 |