build(security): add nightly run of govulncheck with continue-on-error: false
#2792
Conversation
This seems to be overloading the 'dependency review' workflow.
The dependency review workflow is meant to be run on PRs. AFAIK, it only makes sense to run actions/dependency-review-action in PRs, or anything that results in changing the dependencies, but a PR workflow would be the gate for that.
It may make sense to split this into 2 separate workflows in either of the following ways (there may be others):
- [probably preferred] Either have a separate workflow for the nightly job that only runs govuln, and have the name of the workflow reflect that it is a nightly.
- Or maybe include govuln in one of the existing periodic/nightly workflows.
- Alternatively, have a separate workflow for govuln only, that runs both on PRs and nightly as well.
force-pushed from 21df581 to 054194c
Right. This makes more sense. Moved govulncheck to a separate workflow.
.github/workflows/govulncheck.yaml (outdated)

```yaml
continue-on-error: ${{ github.event_name == 'pull_request' }}
with:
  repo-checkout: false
  cache: false
```
nit: add a newline
```yaml
cache: false
```
.github/workflows/govulncheck.yaml (outdated)

```yaml
on:
  ## Nightly
  schedule:
    - cron: '0 0 * * *'
```
This is UTC IIUC.
It may be a good idea to add some fudge factor here. It does not necessarily need to run exactly at midnight UTC.
It can be anything. 00:00 UTC is as good a time as any. But I can change it to 1:42 if you want.
Comments can be addressed separately
force-pushed from 054194c to e689170
Change Overview
Add nightly trigger to govulncheck
Test Plan
- Make sure the action run on a PR has continue-on-error: true
- Check that the action runs nightly after merge
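The thread converges on the third option from the review above: one govulncheck workflow that runs on PRs and nightly, advisory on PRs and a hard failure on the schedule. The workflow below is an added example of that shape, not the file from this PR or from the project; the workflow name, the action version tags, the 01:42 UTC schedule, the `go-version-input` value and the `permissions` block are assumptions chosen for illustration.

```yaml
# Added example, not the PR's actual .github/workflows/govulncheck.yaml.
# Assumed: workflow name, action version tags, the 01:42 UTC cron, the Go
# version input and the permissions block.
name: govulncheck

on:
  pull_request:
  schedule:
    # Nightly. Off the hour on purpose: schedules that fire at exactly
    # 00:00 UTC compete with everyone else's and are the most likely to be
    # delayed or dropped under load. Scheduled runs always execute against
    # the default branch, so this checks what was actually merged.
    - cron: '42 1 * * *'

permissions:
  contents: read

jobs:
  govulncheck:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - uses: golang/govulncheck-action@v1
        # On a PR the step is advisory: a vulnerability published overnight
        # in some dependency should not block an unrelated change. On the
        # nightly schedule the expression is false, so a finding fails the
        # run and the failure notification is the signal that someone must
        # look at it.
        continue-on-error: ${{ github.event_name == 'pull_request' }}
        with:
          # The repository is already checked out above, so the action
          # must not check it out again; module caching is disabled so the
          # nightly run always resolves against the current go.sum.
          repo-checkout: false
          cache: false
          go-version-input: stable
          go-package: ./...
```

Keep `continue-on-error` on the step rather than on the job: a step that fails under `continue-on-error: true` is still shown as failed in the run log with its annotations, which is what makes the PR run useful as an early warning, whereas a job-level `continue-on-error` reports the whole job as successful and hides the finding. If the scheduled run should also be triggerable by hand while debugging, adding `workflow_dispatch:` under `on:` keeps the same `continue-on-error` semantics because the event name is not `pull_request`.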