From e85e6c63d7f9f4eb2c551c7ec93047d02bf11ce2 Mon Sep 17 00:00:00 2001
From: Trey Pendragon
Date: Thu, 25 Jul 2024 15:07:24 -0700
Subject: [PATCH] Try auto-closer
---
 .github/workflows/nightly-vuln-scanning.yml | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/nightly-vuln-scanning.yml b/.github/workflows/nightly-vuln-scanning.yml
index ad7b957f..6310d642 100644
--- a/.github/workflows/nightly-vuln-scanning.yml
+++ b/.github/workflows/nightly-vuln-scanning.yml
@@ -1,6 +1,10 @@
 name: Run nightly vulnerability check
 on:
+ push:
+ branches:
+ - main
+ - container-vuln-scanner
 schedule:
 - cron: '0 0 * * *'
@@ -21,7 +25,7 @@ jobs:
 id: runscanner
 continue-on-error: true
 with:
- image-ref: 'ghcr.io/pulibrary/dpul-collections:main'
+ image-ref: 'ghcr.io/pulibrary/dpul-collections:pr-51'
 format: 'table'
 exit-code: '1'
 ignore-unfixed: true
@@ -44,7 +48,7 @@ jobs:
 SCANNER_OUTPUTS: ${{ steps.scanner.outputs.results }}
 run: echo "${{ env.SCANNER_OUTPUTS }}"
 - name: Create issue
- if: job.steps.runscanner.status == failure()
+ if: steps.runscanner.outcome != 'success'
 uses: JasonEtco/create-an-issue@v2
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -53,3 +57,15 @@ jobs:
 with:
 filename: .github/failed-vuln-check.md
 update_existing: true
+ - name: Find existing security issue
+ id: issues
+ if: steps.runscanner.outcome == 'success'
+ uses: lee-dohm/select-matching-issues@v1
+ with:
+ query: 'Container Vulnerability Scanner Failed is:open '
+ token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Close found issues
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ if: steps.runscanner.outcome == 'success'
+ run: cat ${{ steps.issues.outputs.path }} | xargs gh issue close -c 'Container Scan Passing on Merge to Main'
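Review bot: The `image-ref` switch to `'ghcr.io/pulibrary/dpul-collections:pr-51'` in the second hunk, together with the `push:` trigger on the `container-vuln-scanner` branch added in the first hunk, reads as test scaffolding for this "Try auto-closer" commit rather than the intended nightly configuration. Merged as-is, the nightly job would scan a pull-request image instead of the image built from `main`, so the findings and the issues this commit auto-closes would no longer describe what is deployed. Before merge restore `image-ref: 'ghcr.io/pulibrary/dpul-collections:main'` and drop the `- container-vuln-scanner` entry under `branches:`; if scanning an arbitrary tag is useful, a `workflow_dispatch` input defaulting to `main` keeps the nightly path unchanged while allowing ad-hoc PR scans.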
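Review bot: `if: steps.runscanner.outcome != 'success'` on the "Create issue" step is true not only for `failure` but also for `cancelled` and `skipped`, so a cancelled run would open or refresh a vulnerability issue without any scan having failed. Because the scanner step runs with `continue-on-error: true`, a real finding surfaces as `outcome == 'failure'`, and `if: steps.runscanner.outcome == 'failure'` pins issue creation to that case while still fixing the invalid `job.steps...status == failure()` expression the commit removes. Separately, the context line `SCANNER_OUTPUTS: ${{ steps.scanner.outputs.results }}` references an id `scanner` while the step is `runscanner`; that is outside this change but is presumably why the echoed output is empty — worth confirming.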
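Review bot: `query: 'Container Vulnerability Scanner Failed is:open '` is a free-text search over title and body, so any open issue (or, if the action uses the combined issues/PR search endpoint, any open PR) that merely mentions those words is handed to `gh issue close` with the token's write access and closed with a "Container Scan Passing" comment; scope the query to the generated issue, e.g. `query: '"Container Vulnerability Scanner Failed" in:title is:issue is:open'` (assuming that string is the title in `.github/failed-vuln-check.md` — verify), or better, have the create step apply a dedicated label and search on `label:` instead. The pipe `cat ${{ steps.issues.outputs.path }} | xargs gh issue close -c '...'` also misbehaves at the edges: with no matches GNU `xargs` still invokes `gh issue close` with no argument and the step fails, and with several matches every URL goes to one invocation, which `gh issue close` rejects since it takes a single issue, so use `xargs -r -n1 gh issue close -c 'Container Scan Passing on Merge to Main'`. The `${{ steps.issues.outputs.path }}` expansion inside `run:` is a low risk here because the value comes from the action rather than user input, but routing it through `env:` (`ISSUES_FILE: ${{ steps.issues.outputs.path }}` and `cat "$ISSUES_FILE"`) keeps the shell line quoting-safe and matches how `GH_TOKEN` is already passed in this step; note too that the close comment says "on Merge to Main" even though this job also runs on the nightly `schedule:` trigger.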