diff --git a/.github/workflows/vulnerability-ci.yml b/.github/workflows/vulnerability-ci.yml index dae015bd7c..b325bbc84c 100644 --- a/.github/workflows/vulnerability-ci.yml +++ b/.github/workflows/vulnerability-ci.yml @@ -8,14 +8,14 @@ on: # Allows you to run this workflow manually from the Actions tab workflow_dispatch: - # Schedule the workflow to run every two weeks once + # Schedule the workflow to run weekly every Monday at 5:30 AM UTC schedule: - cron: "30 5 * * 1" jobs: PeriodicVulnerability-CheckOn-frontend-code: - if: github.event_name == 'schedule' + if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' runs-on: ubuntu-latest steps: 
@@ -43,29 +43,143 @@ jobs: moderate=$(echo $vulnerabilities | jq '.moderate') high=$(echo $vulnerabilities | jq '.high') critical=$(echo $vulnerabilities | jq '.critical') - echo "::set-output name=moderate::$moderate" - echo "::set-output name=high::$high" - echo "::set-output name=critical::$critical" + echo "moderate=$moderate" >> $GITHUB_OUTPUT + echo "high=$high" >> $GITHUB_OUTPUT + echo "critical=$critical" >> $GITHUB_OUTPUT - name: Upload audit report uses: actions/upload-artifact@v4 with: name: Periodic-frontend-audit-report path: Periodic-frontend-audit.json + retention-days: 7 + + - name: Determine notification color + id: determine-color + run: | + critical=${{ steps.parse-audit.outputs.critical }} + high=${{ steps.parse-audit.outputs.high }} + moderate=${{ steps.parse-audit.outputs.moderate }} + total=$((critical + high + moderate)) + + if [ "$critical" -gt 0 ]; then + echo "color=#FF0000" >> $GITHUB_OUTPUT + elif [ "$high" -gt 0 ]; then + echo "color=#FFA500" >> $GITHUB_OUTPUT + else + echo "color=#FFD700" >> $GITHUB_OUTPUT + fi + + echo "total=$total" >> $GITHUB_OUTPUT - name: Send Slack Notification run: | - message="Periodic Security Audit Report Of Frontend directory\n - Node module vulnerabilities summary:\n - 🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n - 🟠 High: ${{ steps.parse-audit.outputs.high }}\n - 🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n - \nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" + payload=$(cat <> $GITHUB_OUTPUT + echo "high=$high" >> $GITHUB_OUTPUT + echo "critical=$critical" >> $GITHUB_OUTPUT - name: Upload audit report uses: actions/upload-artifact@v4 with: name: Periodic-server-audit-report path: Periodic-server-audit.json + retention-days: 7 + + - name: Determine notification color + id: determine-color + run: | + critical=${{ steps.parse-audit.outputs.critical }} + high=${{ steps.parse-audit.outputs.high }} + moderate=${{ 
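Review bot: The new `Determine notification color` step splices `${{ steps.parse-audit.outputs.critical }}`, `high` and `moderate` straight into the `run:` script text, so whatever `jq` wrote to `$GITHUB_OUTPUT` becomes shell source before it executes; when the audit JSON lacks those fields, `jq '.critical'` emits `null`, the `[ "$critical" -gt 0 ]` tests fail with a non-integer error and the step silently falls through to the default color with a `total` that does not reflect the report. Pass the outputs through `env:` instead of expression interpolation and default them in the parse step, e.g. `critical=$(echo "$vulnerabilities" | jq '.critical // 0')` (same for high and moderate), so the arithmetic and comparisons always see an integer. The same step is duplicated verbatim in the server, marketplace, plugins and root periodic jobs later in this diff, and the `// 0` defaulting applies to the PR-triggered jobs in the later hunks as well. The Slack payload heredoc that follows in this hunk is not readable in this copy of the diff and is not reviewed here.
```yaml
      - name: Determine notification color
        id: determine-color
        env:
          CRITICAL: ${{ steps.parse-audit.outputs.critical }}
          HIGH: ${{ steps.parse-audit.outputs.high }}
          MODERATE: ${{ steps.parse-audit.outputs.moderate }}
        run: |
          critical=${CRITICAL:-0}
          high=${HIGH:-0}
          moderate=${MODERATE:-0}
          # … unchanged: total, color selection, outputs …
```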
steps.parse-audit.outputs.moderate }} + total=$((critical + high + moderate)) + + if [ "$critical" -gt 0 ]; then + echo "color=#FF0000" >> $GITHUB_OUTPUT + elif [ "$high" -gt 0 ]; then + echo "color=#FFA500" >> $GITHUB_OUTPUT + else + echo "color=#FFD700" >> $GITHUB_OUTPUT + fi + + echo "total=$total" >> $GITHUB_OUTPUT - name: Send Slack Notification run: | - message="Periodic Security Audit Report Of Server directory\n - Node module vulnerabilities summary:\n - 🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n - 🟠 High: ${{ steps.parse-audit.outputs.high }}\n - 🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n - \nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" + payload=$(cat <> $GITHUB_OUTPUT + echo "high=$high" >> $GITHUB_OUTPUT + echo "critical=$critical" >> $GITHUB_OUTPUT - name: Upload audit report uses: actions/upload-artifact@v4 with: name: Periodic-marketplace-audit-report path: Periodic-marketplace-audit.json + retention-days: 7 + + - name: Determine notification color + id: determine-color + run: | + critical=${{ steps.parse-audit.outputs.critical }} + high=${{ steps.parse-audit.outputs.high }} + moderate=${{ steps.parse-audit.outputs.moderate }} + total=$((critical + high + moderate)) + + if [ "$critical" -gt 0 ]; then + echo "color=#FF0000" >> $GITHUB_OUTPUT + elif [ "$high" -gt 0 ]; then + echo "color=#FFA500" >> $GITHUB_OUTPUT + else + echo "color=#FFD700" >> $GITHUB_OUTPUT + fi + + echo "total=$total" >> $GITHUB_OUTPUT - name: Send Slack Notification run: | - message="Periodic Security Audit Report Of Marketplace directory\n - Node module vulnerabilities summary:\n - 🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n - 🟠 High: ${{ steps.parse-audit.outputs.high }}\n - 🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n - \nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" + payload=$(cat <> $GITHUB_OUTPUT + echo "high=$high" 
>> $GITHUB_OUTPUT + echo "critical=$critical" >> $GITHUB_OUTPUT - name: Upload audit report uses: actions/upload-artifact@v4 with: name: Periodic-plugins-audit-report path: Periodic-plugins-audit.json + retention-days: 7 + + - name: Determine notification color + id: determine-color + run: | + critical=${{ steps.parse-audit.outputs.critical }} + high=${{ steps.parse-audit.outputs.high }} + moderate=${{ steps.parse-audit.outputs.moderate }} + total=$((critical + high + moderate)) + + if [ "$critical" -gt 0 ]; then + echo "color=#FF0000" >> $GITHUB_OUTPUT + elif [ "$high" -gt 0 ]; then + echo "color=#FFA500" >> $GITHUB_OUTPUT + else + echo "color=#FFD700" >> $GITHUB_OUTPUT + fi + + echo "total=$total" >> $GITHUB_OUTPUT - name: Send Slack Notification run: | - message="Periodic Security Audit Report Of Plugins directory\n - Node module vulnerabilities summary:\n - 🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n - 🟠 High: ${{ steps.parse-audit.outputs.high }}\n - 🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n - \nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" + payload=$(cat <> $GITHUB_OUTPUT + echo "high=$high" >> $GITHUB_OUTPUT + echo "critical=$critical" >> $GITHUB_OUTPUT - name: Upload audit report uses: actions/upload-artifact@v4 with: name: Periodic-root-audit-report path: Periodic-root-audit.json + retention-days: 7 + + - name: Determine notification color + id: determine-color + run: | + critical=${{ steps.parse-audit.outputs.critical }} + high=${{ steps.parse-audit.outputs.high }} + moderate=${{ steps.parse-audit.outputs.moderate }} + total=$((critical + high + moderate)) + + if [ "$critical" -gt 0 ]; then + echo "color=#FF0000" >> $GITHUB_OUTPUT + elif [ "$high" -gt 0 ]; then + echo "color=#FFA500" >> $GITHUB_OUTPUT + else + echo "color=#FFD700" >> $GITHUB_OUTPUT + fi + + echo "total=$total" >> $GITHUB_OUTPUT - name: Send Slack Notification run: | - message="Periodic Security Audit Report 
Of Root directory\n - Node module vulnerabilities summary:\n - 🔴 Critical: ${{ steps.parse-audit.outputs.critical }}\n - 🟠 High: ${{ steps.parse-audit.outputs.high }}\n - 🟡 Moderate: ${{ steps.parse-audit.outputs.moderate }}\n - \nDownload Audit Report: http://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" + payload=$(cat <> $GITHUB_OUTPUT + echo "high=$high" >> $GITHUB_OUTPUT + echo "critical=$critical" >> $GITHUB_OUTPUT - name: Upload audit report uses: actions/upload-artifact@v4 with: name: frontend-audit-report path: frontend-audit.json + retention-days: 7 - name: Create or update PR comment uses: peter-evans/create-or-update-comment@v1 @@ -347,15 +918,16 @@ jobs: moderate=$(echo $vulnerabilities | jq '.moderate') high=$(echo $vulnerabilities | jq '.high') critical=$(echo $vulnerabilities | jq '.critical') - echo "::set-output name=moderate::$moderate" - echo "::set-output name=high::$high" - echo "::set-output name=critical::$critical" + echo "moderate=$moderate" >> $GITHUB_OUTPUT + echo "high=$high" >> $GITHUB_OUTPUT + echo "critical=$critical" >> $GITHUB_OUTPUT - name: Upload audit report uses: actions/upload-artifact@v4 with: name: server-audit-report path: server-audit.json + retention-days: 7 - name: Create or update PR comment uses: peter-evans/create-or-update-comment@v1 @@ -401,15 +973,16 @@ jobs: moderate=$(echo $vulnerabilities | jq '.moderate') high=$(echo $vulnerabilities | jq '.high') critical=$(echo $vulnerabilities | jq '.critical') - echo "::set-output name=moderate::$moderate" - echo "::set-output name=high::$high" - echo "::set-output name=critical::$critical" + echo "moderate=$moderate" >> $GITHUB_OUTPUT + echo "high=$high" >> $GITHUB_OUTPUT + echo "critical=$critical" >> $GITHUB_OUTPUT - name: Upload audit report uses: actions/upload-artifact@v4 with: name: marketplace-audit-report path: marketplace-audit.json + retention-days: 7 - name: Create or update PR comment uses: peter-evans/create-or-update-comment@v1 
@@ -454,15 +1027,16 @@ jobs: moderate=$(echo $vulnerabilities | jq '.moderate') high=$(echo $vulnerabilities | jq '.high') critical=$(echo $vulnerabilities | jq '.critical') - echo "::set-output name=moderate::$moderate" - echo "::set-output name=high::$high" - echo "::set-output name=critical::$critical" + echo "moderate=$moderate" >> $GITHUB_OUTPUT + echo "high=$high" >> $GITHUB_OUTPUT + echo "critical=$critical" >> $GITHUB_OUTPUT - name: Upload audit report uses: actions/upload-artifact@v4 with: name: plugins-audit-report path: plugins-audit.json + retention-days: 7 - name: Create or update PR comment uses: peter-evans/create-or-update-comment@v1 @@ -508,15 +1082,16 @@ jobs: moderate=$(echo $vulnerabilities | jq '.moderate') high=$(echo $vulnerabilities | jq '.high') critical=$(echo $vulnerabilities | jq '.critical') - echo "::set-output name=moderate::$moderate" - echo "::set-output name=high::$high" - echo "::set-output name=critical::$critical" + echo "moderate=$moderate" >> $GITHUB_OUTPUT + echo "high=$high" >> $GITHUB_OUTPUT + echo "critical=$critical" >> $GITHUB_OUTPUT - name: Upload audit report uses: actions/upload-artifact@v4 with: name: root-audit-report path: root-audit.json + retention-days: 7 - name: Create or update PR comment uses: peter-evans/create-or-update-comment@v1