Skip to content

Disable security scan in ci-pr.yml #1375

Disable security scan in ci-pr.yml

Disable security scan in ci-pr.yml #1375

Workflow file for this run

name: CI PRs
on:
pull_request:
env:
ENABLE_SECURITY_SCAN: 'true'
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db,aquasec/trivy-db,ghcr.io/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db,aquasec/trivy-java-db,ghcr.io/aquasecurity/trivy-java-db
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: find . -type f -name "*.sh" -exec chmod a+x '{}' \;
- uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'liberica'
- name: Build
shell: bash
timeout-minutes: 75
run: |
./mvnw -s .github/settings.xml -B -Pdocs clean install --no-transfer-progress -T 1C
- name: Install XML Utils
if: ${{ failure() }}
uses: ./.github/actions/install-xmlutils
- name: Test Errors Report
if: ${{ failure() }}
shell: bash
run: ./src/scripts/print-test-errors.sh
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner in repo mode
if: ${{ env.ENABLE_SECURITY_SCAN == 'true' }}
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'table'
severity: 'CRITICAL,HIGH'
- name: 'Scanned'
if: ${{ env.ENABLE_SECURITY_SCAN == 'true' }}
shell: bash
run: echo "::info ::Scanned"
done:
runs-on: ubuntu-latest
needs: [ scan, build ]
steps:
- name: 'Done'
shell: bash
run: echo "::info ::Done"