From 5f55589b8e979ea5c75abe40986d513c3c2f97c8 Mon Sep 17 00:00:00 2001
From: Nipuna Ranasinghe
Date: Fri, 19 Apr 2024 12:11:23 +0530
Subject: [PATCH] Use centralized workflow for trivy scan
---
 .github/workflows/trivy-scan.yml | 38 +++++++-------------------------
 1 file changed, 8 insertions(+), 30 deletions(-)
diff --git a/.github/workflows/trivy-scan.yml b/.github/workflows/trivy-scan.yml
index af3cbfa1..c02c8ff4 100644
--- a/.github/workflows/trivy-scan.yml
+++ b/.github/workflows/trivy-scan.yml
@@ -1,35 +1,13 @@
 name: Trivy
 on:
- workflow_call:
+ workflow_dispatch:
+ schedule:
+ - cron: "30 20 * * *"
 jobs:
- ubuntu-build:
- name: Build on Ubuntu
- runs-on: ubuntu-latest
- if: github.repository_owner == 'ballerina-platform'
- steps:
- - uses: actions/checkout@v3
- - name: Set up JDK 17
- uses: actions/setup-java@v3
- with:
- distribution: "temurin"
- java-version: 17.0.7
-
- - name: Build with Gradle
- env:
- packageUser: ${{ github.actor }}
- packagePAT: ${{ secrets.GITHUB_TOKEN }}
- run: ./gradlew build -x check -x test
-
- - name: Create lib directory if not exists
- run: mkdir -p ballerina/lib
-
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- scan-type: "rootfs"
- scan-ref: "/github/workspace/ballerina/lib"
- format: "table"
- timeout: "10m0s"
- exit-code: "1"
+ call_workflow:
+ name: Run Trivy Scan Workflow
+ if: ${{ github.repository_owner == 'ballerina-platform' }}
+ uses: ballerina-platform/ballerina-library/.github/workflows/trivy-scan-template.yml@main
+ secrets: inherit
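Review bot: The new `call_workflow` job references the reusable workflow by a mutable ref (`trivy-scan-template.yml@main`) while passing `secrets: inherit`, so any later change on that branch of ballerina-library runs with every secret this repository can see. Pinning the ref to a full commit SHA, e.g. `uses: ballerina-platform/ballerina-library/.github/workflows/trivy-scan-template.yml@<full-commit-sha>`, and replacing `secrets: inherit` with an explicit `secrets:` map of only what the template reads would narrow that exposure. The job also sets no `permissions:`, so the token scope falls back to the repository default. Adding `permissions:` with `contents: read` on the job would cap what the called workflow receives, assuming the template, which is not visible here, needs nothing beyond checkout.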