Elgato_dark/ToolJet
1
0
Fork 0
mirror of https://github.com/ToolJet/ToolJet synced 2026-04-21 13:37:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Modify vulnerability CI schedule and notifications

Browse source 
Updated the vulnerability CI workflow to run weekly instead of bi-weekly. Enhanced Slack notifications with structured payloads and added output retention for audit reports.
This commit is contained in:
Adish M 2025-11-17 12:51:09 +05:30 committed by GitHub
parent 373082c880
commit c2e1564533
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 646 additions and 71 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

717
.github/workflows/vulnerability-ci.yml vendored
View file

@ -8,14 +8,14 @@ on:
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# Schedule the workflow to run every two weeks once
# Schedule the workflow to run weekly every Monday at 5:30 AM UTC
schedule:
- cron: "30 5 * * 1"
jobs:
PeriodicVulnerability-CheckOn-frontend-code:
if: github.event_name == 'schedule'
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
steps:
@ -43,29 +43,143 @@ jobs:
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
echo "moderate=$moderate" >> $GITHUB_OUTPUT
echo "high=$high" >> $GITHUB_OUTPUT
echo "critical=$critical" >> $GITHUB_OUTPUT
- name: Upload audit report
uses: actions/upload-artifact@v4
with:
name: Periodic-frontend-audit-report
path: Periodic-frontend-audit.json
retention-days: 7
- name: Determine notification color
id: determine-color
run: |
critical=${{ steps.parse-audit.outputs.critical }}
high=${{ steps.parse-audit.outputs.high }}
moderate=${{ steps.parse-audit.outputs.moderate }}
total=$((critical + high + moderate))
if [ "$critical" -gt 0 ]; then
echo "color=#FF0000" >> $GITHUB_OUTPUT
elif [ "$high" -gt 0 ]; then
echo "color=#FFA500" >> $GITHUB_OUTPUT
else
echo "color=#FFD700" >> $GITHUB_OUTPUT
fi
echo "total=$total" >> $GITHUB_OUTPUT
- name: Send Slack Notification
run: |
message="Periodic Security Audit Report Of Frontend directory\n
Node module vulnerabilities summary:\n
🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n
🟠 High: ${{ steps.parse-audit.outputs.high }}\n
🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n
\nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
payload=$(cat <<EOF
{
"attachments": [
{
"color": "${{ steps.determine-color.outputs.color }}",
"blocks": [
{
"type": "header",
"text": {
"type": "plain_text",
"text": "🔒 Periodic Security Audit Report",
"emoji": true
}
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*Repository:*\\n${{ github.repository }}"
},
{
"type": "mrkdwn",
"text": "*Directory:*\\nFrontend"
},
{
"type": "mrkdwn",
"text": "*Branch:*\\nlts-3.16"
},
{
"type": "mrkdwn",
"text": "*Scan Time:*\\n$(date -u +"%Y-%m-%d %H:%M UTC")"
}
]
},
{
"type": "divider"
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*Node Module Vulnerabilities:*"
}
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "🔴 *Critical:*\\n${{ steps.parse-audit.outputs.critical }}"
},
{
"type": "mrkdwn",
"text": "🟠 *High:*\\n${{ steps.parse-audit.outputs.high }}"
},
{
"type": "mrkdwn",
"text": "🟡 *Moderate:*\\n${{ steps.parse-audit.outputs.moderate }}"
},
{
"type": "mrkdwn",
"text": "📊 *Total:*\\n${{ steps.determine-color.outputs.total }}"
}
]
},
{
"type": "divider"
},
{
"type": "actions",
"elements": [
{
"type": "button",
"text": {
"type": "plain_text",
"text": "📥 Download Full Report",
"emoji": true
},
"url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
"style": "primary"
}
]
}
]
}
]
}
EOF
)
curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"$message\"}" ${{ secrets.SLACK_WEBHOOK_URL_VUR }}
response=$(curl -s -w "%{http_code}" -X POST \
-H 'Content-type: application/json' \
--data "$payload" \
"${{ secrets.SLACK_WEBHOOK_URL_VUR }}")
http_code="${response: -3}"
if [ "$http_code" != "200" ]; then
echo "Slack notification failed with HTTP $http_code"
exit 1
fi
echo "Slack notification sent successfully"
PeriodicVulnerability-CheckOn-server-code:
if: github.event_name == 'schedule'
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
steps:
@ -93,29 +207,143 @@ jobs:
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
echo "moderate=$moderate" >> $GITHUB_OUTPUT
echo "high=$high" >> $GITHUB_OUTPUT
echo "critical=$critical" >> $GITHUB_OUTPUT
- name: Upload audit report
uses: actions/upload-artifact@v4
with:
name: Periodic-server-audit-report
path: Periodic-server-audit.json
retention-days: 7
- name: Determine notification color
id: determine-color
run: |
critical=${{ steps.parse-audit.outputs.critical }}
high=${{ steps.parse-audit.outputs.high }}
moderate=${{ steps.parse-audit.outputs.moderate }}
total=$((critical + high + moderate))
if [ "$critical" -gt 0 ]; then
echo "color=#FF0000" >> $GITHUB_OUTPUT
elif [ "$high" -gt 0 ]; then
echo "color=#FFA500" >> $GITHUB_OUTPUT
else
echo "color=#FFD700" >> $GITHUB_OUTPUT
fi
echo "total=$total" >> $GITHUB_OUTPUT
- name: Send Slack Notification
run: |
message="Periodic Security Audit Report Of Server directory\n
Node module vulnerabilities summary:\n
🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n
🟠 High: ${{ steps.parse-audit.outputs.high }}\n
🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n
\nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
payload=$(cat <<EOF
{
"attachments": [
{
"color": "${{ steps.determine-color.outputs.color }}",
"blocks": [
{
"type": "header",
"text": {
"type": "plain_text",
"text": "🔒 Periodic Security Audit Report",
"emoji": true
}
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*Repository:*\\n${{ github.repository }}"
},
{
"type": "mrkdwn",
"text": "*Directory:*\\nServer"
},
{
"type": "mrkdwn",
"text": "*Branch:*\\nlts-3.16"
},
{
"type": "mrkdwn",
"text": "*Scan Time:*\\n$(date -u +"%Y-%m-%d %H:%M UTC")"
}
]
},
{
"type": "divider"
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*Node Module Vulnerabilities:*"
}
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "🔴 *Critical:*\\n${{ steps.parse-audit.outputs.critical }}"
},
{
"type": "mrkdwn",
"text": "🟠 *High:*\\n${{ steps.parse-audit.outputs.high }}"
},
{
"type": "mrkdwn",
"text": "🟡 *Moderate:*\\n${{ steps.parse-audit.outputs.moderate }}"
},
{
"type": "mrkdwn",
"text": "📊 *Total:*\\n${{ steps.determine-color.outputs.total }}"
}
]
},
{
"type": "divider"
},
{
"type": "actions",
"elements": [
{
"type": "button",
"text": {
"type": "plain_text",
"text": "📥 Download Full Report",
"emoji": true
},
"url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
"style": "primary"
}
]
}
]
}
]
}
EOF
)
curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"$message\"}" ${{ secrets.SLACK_WEBHOOK_URL_VUR }}
response=$(curl -s -w "%{http_code}" -X POST \
-H 'Content-type: application/json' \
--data "$payload" \
"${{ secrets.SLACK_WEBHOOK_URL_VUR }}")
http_code="${response: -3}"
if [ "$http_code" != "200" ]; then
echo "Slack notification failed with HTTP $http_code"
exit 1
fi
echo "Slack notification sent successfully"
PeriodicVulnerability-CheckOn-marketplace-code:
if: github.event_name == 'schedule'
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
steps:
@ -143,29 +371,143 @@ jobs:
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
echo "moderate=$moderate" >> $GITHUB_OUTPUT
echo "high=$high" >> $GITHUB_OUTPUT
echo "critical=$critical" >> $GITHUB_OUTPUT
- name: Upload audit report
uses: actions/upload-artifact@v4
with:
name: Periodic-marketplace-audit-report
path: Periodic-marketplace-audit.json
retention-days: 7
- name: Determine notification color
id: determine-color
run: |
critical=${{ steps.parse-audit.outputs.critical }}
high=${{ steps.parse-audit.outputs.high }}
moderate=${{ steps.parse-audit.outputs.moderate }}
total=$((critical + high + moderate))
if [ "$critical" -gt 0 ]; then
echo "color=#FF0000" >> $GITHUB_OUTPUT
elif [ "$high" -gt 0 ]; then
echo "color=#FFA500" >> $GITHUB_OUTPUT
else
echo "color=#FFD700" >> $GITHUB_OUTPUT
fi
echo "total=$total" >> $GITHUB_OUTPUT
- name: Send Slack Notification
run: |
message="Periodic Security Audit Report Of Marketplace directory\n
Node module vulnerabilities summary:\n
🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n
🟠 High: ${{ steps.parse-audit.outputs.high }}\n
🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n
\nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
payload=$(cat <<EOF
{
"attachments": [
{
"color": "${{ steps.determine-color.outputs.color }}",
"blocks": [
{
"type": "header",
"text": {
"type": "plain_text",
"text": "🔒 Periodic Security Audit Report",
"emoji": true
}
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*Repository:*\\n${{ github.repository }}"
},
{
"type": "mrkdwn",
"text": "*Directory:*\\nMarketplace"
},
{
"type": "mrkdwn",
"text": "*Branch:*\\nlts-3.16"
},
{
"type": "mrkdwn",
"text": "*Scan Time:*\\n$(date -u +"%Y-%m-%d %H:%M UTC")"
}
]
},
{
"type": "divider"
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*Node Module Vulnerabilities:*"
}
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "🔴 *Critical:*\\n${{ steps.parse-audit.outputs.critical }}"
},
{
"type": "mrkdwn",
"text": "🟠 *High:*\\n${{ steps.parse-audit.outputs.high }}"
},
{
"type": "mrkdwn",
"text": "🟡 *Moderate:*\\n${{ steps.parse-audit.outputs.moderate }}"
},
{
"type": "mrkdwn",
"text": "📊 *Total:*\\n${{ steps.determine-color.outputs.total }}"
}
]
},
{
"type": "divider"
},
{
"type": "actions",
"elements": [
{
"type": "button",
"text": {
"type": "plain_text",
"text": "📥 Download Full Report",
"emoji": true
},
"url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
"style": "primary"
}
]
}
]
}
]
}
EOF
)
curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"$message\"}" ${{ secrets.SLACK_WEBHOOK_URL_VUR }}
response=$(curl -s -w "%{http_code}" -X POST \
-H 'Content-type: application/json' \
--data "$payload" \
"${{ secrets.SLACK_WEBHOOK_URL_VUR }}")
http_code="${response: -3}"
if [ "$http_code" != "200" ]; then
echo "Slack notification failed with HTTP $http_code"
exit 1
fi
echo "Slack notification sent successfully"
PeriodicVulnerability-CheckOn-plugins-code:
if: github.event_name == 'schedule'
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
steps:
@ -193,29 +535,143 @@ jobs:
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
echo "moderate=$moderate" >> $GITHUB_OUTPUT
echo "high=$high" >> $GITHUB_OUTPUT
echo "critical=$critical" >> $GITHUB_OUTPUT
- name: Upload audit report
uses: actions/upload-artifact@v4
with:
name: Periodic-plugins-audit-report
path: Periodic-plugins-audit.json
retention-days: 7
- name: Determine notification color
id: determine-color
run: |
critical=${{ steps.parse-audit.outputs.critical }}
high=${{ steps.parse-audit.outputs.high }}
moderate=${{ steps.parse-audit.outputs.moderate }}
total=$((critical + high + moderate))
if [ "$critical" -gt 0 ]; then
echo "color=#FF0000" >> $GITHUB_OUTPUT
elif [ "$high" -gt 0 ]; then
echo "color=#FFA500" >> $GITHUB_OUTPUT
else
echo "color=#FFD700" >> $GITHUB_OUTPUT
fi
echo "total=$total" >> $GITHUB_OUTPUT
- name: Send Slack Notification
run: |
message="Periodic Security Audit Report Of Plugins directory\n
Node module vulnerabilities summary:\n
🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n
🟠 High: ${{ steps.parse-audit.outputs.high }}\n
🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n
\nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
payload=$(cat <<EOF
{
"attachments": [
{
"color": "${{ steps.determine-color.outputs.color }}",
"blocks": [
{
"type": "header",
"text": {
"type": "plain_text",
"text": "🔒 Periodic Security Audit Report",
"emoji": true
}
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*Repository:*\\n${{ github.repository }}"
},
{
"type": "mrkdwn",
"text": "*Directory:*\\nPlugins"
},
{
"type": "mrkdwn",
"text": "*Branch:*\\nmain"
},
{
"type": "mrkdwn",
"text": "*Scan Time:*\\n$(date -u +"%Y-%m-%d %H:%M UTC")"
}
]
},
{
"type": "divider"
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*Node Module Vulnerabilities:*"
}
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "🔴 *Critical:*\\n${{ steps.parse-audit.outputs.critical }}"
},
{
"type": "mrkdwn",
"text": "🟠 *High:*\\n${{ steps.parse-audit.outputs.high }}"
},
{
"type": "mrkdwn",
"text": "🟡 *Moderate:*\\n${{ steps.parse-audit.outputs.moderate }}"
},
{
"type": "mrkdwn",
"text": "📊 *Total:*\\n${{ steps.determine-color.outputs.total }}"
}
]
},
{
"type": "divider"
},
{
"type": "actions",
"elements": [
{
"type": "button",
"text": {
"type": "plain_text",
"text": "📥 Download Full Report",
"emoji": true
},
"url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
"style": "primary"
}
]
}
]
}
]
}
EOF
)
curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"$message\"}" ${{ secrets.SLACK_WEBHOOK_URL_VUR }}
response=$(curl -s -w "%{http_code}" -X POST \
-H 'Content-type: application/json' \
--data "$payload" \
"${{ secrets.SLACK_WEBHOOK_URL_VUR }}")
http_code="${response: -3}"
if [ "$http_code" != "200" ]; then
echo "Slack notification failed with HTTP $http_code"
exit 1
fi
echo "Slack notification sent successfully"
PeriodicVulnerability-CheckOn-root-code:
if: github.event_name == 'schedule'
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
steps:
@ -243,26 +699,140 @@ jobs:
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
echo "moderate=$moderate" >> $GITHUB_OUTPUT
echo "high=$high" >> $GITHUB_OUTPUT
echo "critical=$critical" >> $GITHUB_OUTPUT
- name: Upload audit report
uses: actions/upload-artifact@v4
with:
name: Periodic-root-audit-report
path: Periodic-root-audit.json
retention-days: 7
- name: Determine notification color
id: determine-color
run: |
critical=${{ steps.parse-audit.outputs.critical }}
high=${{ steps.parse-audit.outputs.high }}
moderate=${{ steps.parse-audit.outputs.moderate }}
total=$((critical + high + moderate))
if [ "$critical" -gt 0 ]; then
echo "color=#FF0000" >> $GITHUB_OUTPUT
elif [ "$high" -gt 0 ]; then
echo "color=#FFA500" >> $GITHUB_OUTPUT
else
echo "color=#FFD700" >> $GITHUB_OUTPUT
fi
echo "total=$total" >> $GITHUB_OUTPUT
- name: Send Slack Notification
run: |
message="Periodic Security Audit Report Of Root directory\n
Node module vulnerabilities summary:\n
🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n
🟠 High: ${{ steps.parse-audit.outputs.high }}\n
🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n
\nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
payload=$(cat <<EOF
{
"attachments": [
{
"color": "${{ steps.determine-color.outputs.color }}",
"blocks": [
{
"type": "header",
"text": {
"type": "plain_text",
"text": "🔒 Periodic Security Audit Report",
"emoji": true
}
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*Repository:*\\n${{ github.repository }}"
},
{
"type": "mrkdwn",
"text": "*Directory:*\\nRoot"
},
{
"type": "mrkdwn",
"text": "*Branch:*\\nlts-3.16"
},
{
"type": "mrkdwn",
"text": "*Scan Time:*\\n$(date -u +"%Y-%m-%d %H:%M UTC")"
}
]
},
{
"type": "divider"
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*Node Module Vulnerabilities:*"
}
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "🔴 *Critical:*\\n${{ steps.parse-audit.outputs.critical }}"
},
{
"type": "mrkdwn",
"text": "🟠 *High:*\\n${{ steps.parse-audit.outputs.high }}"
},
{
"type": "mrkdwn",
"text": "🟡 *Moderate:*\\n${{ steps.parse-audit.outputs.moderate }}"
},
{
"type": "mrkdwn",
"text": "📊 *Total:*\\n${{ steps.determine-color.outputs.total }}"
}
]
},
{
"type": "divider"
},
{
"type": "actions",
"elements": [
{
"type": "button",
"text": {
"type": "plain_text",
"text": "📥 Download Full Report",
"emoji": true
},
"url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
"style": "primary"
}
]
}
]
}
]
}
EOF
)
curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"$message\"}" ${{ secrets.SLACK_WEBHOOK_URL_VUR }}
response=$(curl -s -w "%{http_code}" -X POST \
-H 'Content-type: application/json' \
--data "$payload" \
"${{ secrets.SLACK_WEBHOOK_URL_VUR }}")
http_code="${response: -3}"
if [ "$http_code" != "200" ]; then
echo "Slack notification failed with HTTP $http_code"
exit 1
fi
echo "Slack notification sent successfully"
ManualVulnerability-CheckOn-frontend-code:
if: ${{ github.event.action == 'labeled' && (github.event.label.name == 'frontend-vulnerability' || github.event.label.name == 'check-vulnerability') }}
@ -293,15 +863,16 @@ jobs:
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
echo "moderate=$moderate" >> $GITHUB_OUTPUT
echo "high=$high" >> $GITHUB_OUTPUT
echo "critical=$critical" >> $GITHUB_OUTPUT
- name: Upload audit report
uses: actions/upload-artifact@v4
with:
name: frontend-audit-report
path: frontend-audit.json
retention-days: 7
- name: Create or update PR comment
uses: peter-evans/create-or-update-comment@v1
@ -347,15 +918,16 @@ jobs:
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
echo "moderate=$moderate" >> $GITHUB_OUTPUT
echo "high=$high" >> $GITHUB_OUTPUT
echo "critical=$critical" >> $GITHUB_OUTPUT
- name: Upload audit report
uses: actions/upload-artifact@v4
with:
name: server-audit-report
path: server-audit.json
retention-days: 7
- name: Create or update PR comment
uses: peter-evans/create-or-update-comment@v1
@ -401,15 +973,16 @@ jobs:
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
echo "moderate=$moderate" >> $GITHUB_OUTPUT
echo "high=$high" >> $GITHUB_OUTPUT
echo "critical=$critical" >> $GITHUB_OUTPUT
- name: Upload audit report
uses: actions/upload-artifact@v4
with:
name: marketplace-audit-report
path: marketplace-audit.json
retention-days: 7
- name: Create or update PR comment
uses: peter-evans/create-or-update-comment@v1
@ -454,15 +1027,16 @@ jobs:
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
echo "moderate=$moderate" >> $GITHUB_OUTPUT
echo "high=$high" >> $GITHUB_OUTPUT
echo "critical=$critical" >> $GITHUB_OUTPUT
- name: Upload audit report
uses: actions/upload-artifact@v4
with:
name: plugins-audit-report
path: plugins-audit.json
retention-days: 7
- name: Create or update PR comment
uses: peter-evans/create-or-update-comment@v1
@ -508,15 +1082,16 @@ jobs:
moderate=$(echo $vulnerabilities | jq '.moderate')
high=$(echo $vulnerabilities | jq '.high')
critical=$(echo $vulnerabilities | jq '.critical')
echo "::set-output name=moderate::$moderate"
echo "::set-output name=high::$high"
echo "::set-output name=critical::$critical"
echo "moderate=$moderate" >> $GITHUB_OUTPUT
echo "high=$high" >> $GITHUB_OUTPUT
echo "critical=$critical" >> $GITHUB_OUTPUT
- name: Upload audit report
uses: actions/upload-artifact@v4
with:
name: root-audit-report
path: root-audit.json
retention-days: 7
- name: Create or update PR comment
uses: peter-evans/create-or-update-comment@v1