sigs.k8s.io/cluster-api@v1.7.1/.github/workflows/weekly-security-scan.yaml

sigs.k8s.io/cluster-api@v1.7.1/.github/workflows/weekly-security-scan.yaml (about)

     1  name: Weekly security scan
     2  
     3  on:
     4    schedule:
     5      # Cron for every Monday at 12:00 UTC.
     6      - cron: "0 12 * * 1"
     7  
     8  # Remove all permissions from GITHUB_TOKEN except metadata.
     9  permissions: {}
    10  
    11  jobs:
    12    scan:
    13      strategy:
    14        fail-fast: false
    15        matrix:
    16          branch: [ main, release-1.6, release-1.5 ]
    17      name: Trivy
    18      runs-on: ubuntu-latest
    19      steps:
    20      - name: Check out code
    21        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # tag=v4.1.2
    22        with:
    23          ref: ${{ matrix.branch }}
    24      - name: Calculate go version
    25        id: vars
    26        run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT
    27      - name: Set up Go
    28        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # tag=v5.0.0
    29        with:
    30          go-version: ${{ steps.vars.outputs.go_version }}
    31      - name: Run verify security target
    32        run: make verify-security