Skip to content

Scanner mappings update #67

Scanner mappings update

Scanner mappings update #67

name: Scanner mappings update
on:
schedule:
- cron: "0 0 * * *"
jobs:
update-scanner-mappings:
runs-on: ubuntu-latest
env:
REPOMAPPING_DIR: repomapping
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Authenticate with Google Cloud
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ secrets.GOOGLE_SA_STACKROX_HUB_VULN_DUMP_UPLOADER }}
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v2
- name: Download repository mappings
run: |
curl --fail --silent --show-error --max-time 60 --retry 3 --create-dirs \
-o '${{env.REPOMAPPING_DIR}}/#1' \
'https://access.redhat.com/security/data/metrics/{repository-to-cpe.json,container-name-repos-map.json}'
for f in ${{env.REPOMAPPING_DIR}}/*; do
jq empty "$f"
done
- name: Upload repository mappings to Google Cloud Storage
run: |
# Zip the files into mapping.zip
zip mapping.zip ${{env.REPOMAPPING_DIR}}/*
mkdir -p redhat-repository-mappings && mv mapping.zip redhat-repository-mappings/
# Upload mapping.zip to Google Cloud Storage
gsutil cp -r "redhat-repository-mappings" "gs://definitions.stackrox.io/v4"
- name: Send Slack notification on workflow failure
if: failure()
run: |
curl -X POST -H 'Content-type: application/json' --data '{"text":"<!subteam^S04S96AAVND|acs-scanner-primary> Failure in Scanner V4 Updater Workflow: Update Repository Mappings"}' ${{ secrets.SLACK_ONCALL_SCANNER_WEBHOOK }}