|
1 | | -# This is a Github Action workflow that runs daily at 9:15 AM UTC Time. |
2 | | -# It checks if any of the scanners listed in the matrix section are outdated. |
| 1 | +# This is a Github Action workflow that runs daily at 9:15 AM UTC Time. |
| 2 | +# It checks if any of the scanners listed in the matrix section are outdated. |
3 | 3 | # If a scanner is outdated, it checks if a pull request to upgrade that scanner already exists. |
4 | | -# If it does not, it creates a new pull request with a title that includes the current and new versions of the scanner. |
| 4 | +# If it does not, it creates a new pull request with a title that includes the current and new versions of the scanner. |
5 | 5 | # It also includes the changelog for the new version of the scanner in the body of the pull request. |
6 | | -# This workflow uses a number of third-party actions to accomplish these tasks, |
| 6 | +# This workflow uses a number of third-party actions to accomplish these tasks, |
7 | 7 | # including mikefarah/yq to fetch local and remote versions of the scanners, |
8 | 8 | # crazy-max/ghaction-import-gpg to import a GPG key, and jq to parse the JSON output of the scanner version API. |
9 | 9 |
|
|
31 | 31 | - nuclei |
32 | 32 | - semgrep |
33 | 33 | - ssh-audit |
| 34 | + - ssh-scan |
34 | 35 | - sslyze |
35 | 36 | - trivy |
36 | 37 | - typo3scan |
@@ -67,49 +68,49 @@ jobs: |
67 | 68 | # Fetching scanner version from remote API and making sure it's in the same format as the local version |
68 | 69 | - name: Fetch latest release scanner version |
69 | 70 | run: | |
70 | | - # Set the -e and -o pipefail options to cause the script to exit immediately |
71 | | - # if any command returns a non-zero exit status |
72 | | - set -e |
73 | | - set -o pipefail |
74 | | -
|
75 | | - local=${{env.local}} |
76 | | - release=$(curl -sL ${{env.versionApi}} | jq -er ".tag_name" ) |
77 | | - upgrade=$release |
78 | | -
|
79 | | - # Check the exit status of the curl and jq command |
80 | | - if [[ $? -ne 0 ]] ; then |
81 | | - echo "Error: Failed to download release version" |
82 | | - exit 1 |
83 | | - fi |
84 | | -
|
85 | | - # We check if the first characters of local and release are different i.e whether it's "v1.0.0" or "1.0.0" |
86 | | - # This is to make sure that we don't compare "v1.0.0" to "1.0.0" which would result in an upgrade |
87 | | - # And also we want to keep the version format the same in the helm chart so that it will still correspond the the docker image tag. |
88 | | - # Therefore We make sure to add or remove the "v" character when necessary |
89 | | -
|
90 | | - if [[ ${local:0:1} != ${release:0:1} ]] ; then |
91 | | - # Check if the first character of local is "v" |
92 | | - # In this case docker/local format is "v1.0.0" and github format is "1.0.1" |
93 | | - # We want the upgrade to be "v1.0.1" |
94 | | - if [[ ${local:0:1} == "v" ]] ; then |
95 | | - # set upgrade to "v" followed by the value of release. |
96 | | - upgrade=v${release}; |
97 | | - # Check if the first character of release is "v" |
98 | | - # in this case docker/local format is "1.0.0" and github format is "v1.0.1" |
99 | | - # We want the upgrade to be "1.0.1" |
100 | | - elif [[ ${release:0:1} == "v" ]] ; then |
101 | | - # set upgrade to the value of release without the "v" character |
102 | | - upgrade=$(echo $release| tr -d "v") |
103 | | - fi |
| 71 | + # Set the -e and -o pipefail options to cause the script to exit immediately |
| 72 | + # if any command returns a non-zero exit status |
| 73 | + set -e |
| 74 | + set -o pipefail |
| 75 | +
|
| 76 | + local=${{env.local}} |
| 77 | + release=$(curl -sL ${{env.versionApi}} | jq -er ".tag_name" ) |
| 78 | + upgrade=$release |
| 79 | +
|
| 80 | + # Check the exit status of the curl and jq command |
| 81 | + if [[ $? -ne 0 ]] ; then |
| 82 | + echo "Error: Failed to download release version" |
| 83 | + exit 1 |
| 84 | + fi |
| 85 | +
|
| 86 | + # We check if the first characters of local and release are different i.e whether it's "v1.0.0" or "1.0.0" |
| 87 | + # This is to make sure that we don't compare "v1.0.0" to "1.0.0" which would result in an upgrade |
| 88 | + # And also we want to keep the version format the same in the helm chart so that it will still correspond the the docker image tag. |
| 89 | + # Therefore We make sure to add or remove the "v" character when necessary |
| 90 | +
|
| 91 | + if [[ ${local:0:1} != ${release:0:1} ]] ; then |
| 92 | + # Check if the first character of local is "v" |
| 93 | + # In this case docker/local format is "v1.0.0" and github format is "1.0.1" |
| 94 | + # We want the upgrade to be "v1.0.1" |
| 95 | + if [[ ${local:0:1} == "v" ]] ; then |
| 96 | + # set upgrade to "v" followed by the value of release. |
| 97 | + upgrade=v${release}; |
| 98 | + # Check if the first character of release is "v" |
| 99 | + # in this case docker/local format is "1.0.0" and github format is "v1.0.1" |
| 100 | + # We want the upgrade to be "1.0.1" |
| 101 | + elif [[ ${release:0:1} == "v" ]] ; then |
| 102 | + # set upgrade to the value of release without the "v" character |
| 103 | + upgrade=$(echo $release| tr -d "v") |
104 | 104 | fi |
| 105 | + fi |
105 | 106 |
|
106 | 107 |
|
107 | | - # Save how the latest release version looks in github releases to an environment variable |
108 | | - echo releaseGithub=$release >> $GITHUB_ENV |
109 | | - # Save how the latest release version looks in docker images to an environment variable |
110 | | - echo release=$upgrade >> $GITHUB_ENV |
111 | | - # Output bash exit code |
112 | | - echo exitCode=$? |
| 108 | + # Save how the latest release version looks in github releases to an environment variable |
| 109 | + echo releaseGithub=$release >> $GITHUB_ENV |
| 110 | + # Save how the latest release version looks in docker images to an environment variable |
| 111 | + echo release=$upgrade >> $GITHUB_ENV |
| 112 | + # Output bash exit code |
| 113 | + echo exitCode=$? |
113 | 114 |
|
114 | 115 | - name: Check if scanner is outdated and if PR already exists |
115 | 116 | if: ${{ env.release != env.local && env.release != null }} |
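Review bot: The `if [[ $? -ne 0 ]]` guard at new lines 81–84 is dead code: `$?` there is the status of the assignment `upgrade=$release`, which is always 0, and a curl/jq failure already aborts the step via `set -e` / `set -o pipefail`, so the "Failed to download release version" message can never be printed. The same applies to `echo exitCode=$?` at line 113, which only reports the status of the preceding `echo`. Since `$release` is read from a remote API response and appended unfiltered to `$GITHUB_ENV` (lines 109 and 111), validate its shape right after the fetch instead, e.g. `[[ $release =~ ^v?[0-9]+(\.[0-9]+)+ ]] || { echo "Error: unexpected tag_name: $release" >&2; exit 1; }`, and quote the expansions written to the env file. At line 102, `tr -d "v"` deletes every `v` in the string rather than only a leading one (a tag such as `v1.2.0-dev` would become `1.2.0-de`); `upgrade=${release#v}` strips just the prefix and avoids the subshell.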
|