Skip to content

Rumble Vulnerability Data #480

Rumble Vulnerability Data

Rumble Vulnerability Data #480

name: Rumble Vulnerability Data
on:
schedule:
- cron: "1 5 * * *"
workflow_dispatch:
push:
branches: [rumble-insights]
env:
GH_TOKEN: ${{ github.token }}
defaults:
run:
shell: bash
working-directory: ./tools/rumble
jobs:
generate-csvs-and-json:
runs-on: ubuntu-latest
if: github.repository == 'chainguard-dev/edu'
permissions:
contents: read
id-token: write # federate with GCP
steps:
- name: 'Github Actions Runner'
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: 'Checkout default branch to $GITHUB_WORKSPACE dir'
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # actions/setup-go@v4
with:
go-version-file: ./tools/rumble/go.mod
check-latest: true
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7
with:
service_account: "github-chainguard-academy@chainguard-academy.iam.gserviceaccount.com"
workload_identity_provider: "projects/456977358484/locations/global/workloadIdentityPools/chainguard-academy/providers/chainguard-edu"
- name: Generate vulnerability JSON files
run: |
go run main.go vulns \
--project prod-enforce-fabc \
--db cloudevents_grype_scan_results \
--gcs-project chainguard-academy \
--bucket chainguard-academy \
--upload
- name: Generate image comparison CSVs
run: |
go run main.go image-csv \
--project prod-enforce-fabc \
--db cloudevents_grype_scan_results \
--gcs-project chainguard-academy \
--bucket chainguard-academy \
--rumble-json-path ../../data/rumble.json \
--upload
- name: Generate legacy comparison CSV
run: |
go run main.go legacy-csv \
--project prod-enforce-fabc \
--db cloudevents_grype_scan_results \
--gcs-project chainguard-academy \
--bucket chainguard-academy \
--upload
- name: Post failure notice to Slack
uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990 # v2.3.2
if: ${{ failure() }}
env:
SLACK_ICON: http://github.com/chainguard-dev.png?size=48
SLACK_USERNAME: guardian
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
SLACK_CHANNEL: 'alerts-edu'
SLACK_COLOR: '#8E1600'
MSG_MINIMAL: 'true'
SLACK_TITLE: 'Rumble vuln data failed - ${{ github.repository }}'
SLACK_MESSAGE: |
For detailed logs: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}