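name: Rumble Vulnerability Data

# `on` is read as a YAML 1.1 boolean key by generic parsers; GitHub's loader
# handles it (suppress yamllint `truthy` here if linting).
on:
  schedule:
    - cron: "1 5 * * *"  # once a day at 05:01 (GitHub schedules run in UTC)
  workflow_dispatch:
  push:
    branches: [rumble-vulnerability-data]

# All expression-valued env vars are quoted so an empty secret stays "" rather
# than becoming null.
env:
  PROJECT_ID: "${{ secrets.PROJECT_ID }}"
  STORAGE_BUCKET: "${{ secrets.STORAGE_BUCKET }}"
  WORKLOAD_IDENTITY_PROVIDER: "${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}"
  SERVICE_ACCOUNT: "${{ secrets.GH_ACTION_SERVICE_ACCOUNT }}"
  GH_TOKEN: "${{ github.token }}"

defaults:
  run:
    # An explicit `shell: bash` makes GitHub run each step with `-e -o pipefail`,
    # so a failing command in a pipeline fails the step.
    shell: bash
    working-directory: ./tools/rumble

jobs:
  generate-vulnerability-json:
    runs-on: ubuntu-latest
    permissions:
      # NOTE(review): `contents: write` is only needed if a step outside this
      # view pushes to the repository — confirm, otherwise drop to `read`.
      contents: write
      # Required to mint the OIDC token consumed by the Google Cloud auth step.
      id-token: write
    steps:
      - name: 'Checkout default branch to $GITHUB_WORKSPACE dir'
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3

      # Keyless auth via workload identity federation; no long-lived GCP key
      # is stored in the repository secrets.
      - name: Authenticate to Google Cloud
        id: auth
        uses: google-github-actions/auth@ceee102ec2387dd9e844e01b530ccd4ec87ce955 # v0
        with:
          token_format: 'access_token'
          project_id: "${{ env.PROJECT_ID }}"
          workload_identity_provider: "${{ env.WORKLOAD_IDENTITY_PROVIDER }}"
          service_account: "${{ env.SERVICE_ACCOUNT }}"

      - name: Set up Go
        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # actions/setup-go@v4
        with:
          go-version: '^1.20.0'

      # Downloads the newest schema-5 Grype database advertised in the listing
      # and verifies it against the listing's checksum before unpacking it into
      # the working directory. The previous form piped an unverified, unchecked
      # (`curl -s` without `--fail`) download straight into `tar`.
      - name: Fetch latest Grype vulnerability database
        shell: bash
        run: |
          set -euo pipefail
          listing="$(curl -sSf https://toolbox-data.anchore.io/grype/databases/listing.json)"
          url="$(jq -r '.available."5" | .[0].url' <<<"$listing")"
          checksum="$(jq -r '.available."5" | .[0].checksum' <<<"$listing")"
          archive="$(mktemp)"
          curl -sSf -o "$archive" "$url"
          # The listing's checksum field is "sha256:<hex>"; strip the prefix for sha256sum.
          echo "${checksum#sha256:}  ${archive}" | sha256sum --check --status
          tar xzf "$archive"
          rm -f "$archive"

      - name: Generate Rumble JSON files
        run: go run .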