cve.yaml

name: CVE checks monthly
on:
  workflow_dispatch:
  schedule:
    - cron: '0 8 15 * *' # at 8 AM 15th day of a month

jobs:
  images:
    runs-on: ubuntu-latest
    env:
      REGISTRY: 436866023604.dkr.ecr.eu-central-1.amazonaws.com
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 1
      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: 'gradle'
      - name: Cache local Gradle dependencies
        uses: actions/cache@v3
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: ${{ runner.os }}-shared-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
          restore-keys: |
            ${{ runner.os }}-gradle-
      - name: Build the image without tests
        env:
          GENERATE_SOURCEMAP: false
          CI: false
        run: ./gradlew jibDockerBuild -x test --no-daemon --image opendatadiscovery/${{ github.event.repository.name }} --scan -Pversion=cve
      - uses: aquasecurity/trivy-action@0.11.2
        with:
          image-ref: "opendatadiscovery/odd-platform:cve"
          format: "table"
          exit-code: "1"