Fix workflow

streamnative · May 14, 2024 · 3aabc2a · 3aabc2a
1 parent a68e862
commit 3aabc2a
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 7 deletions.
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -11,9 +11,15 @@ on:
       - 'LICENSE'
       - 'mesh-worker-service/README.md'
       - 'tools/README.md'
+
+permissions:
+  pull-requests: write
+  issues: write
+
 jobs:
   build:
     name: Scan
+    permissions: write-all
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -63,7 +69,7 @@ jobs:
 
       - name: Build runner images
         run: |
-          PULSAR_IMAGE_TAG=3.2.2.5 PULSAR_IMAGE=streamnative/sn-platform KIND_PUSH=false images/build.sh
+          PULSAR_IMAGE_TAG=3.2.2.6 PULSAR_IMAGE=streamnative/sn-platform KIND_PUSH=false images/build.sh
 
       - name: Run Trivy vulnerability scanner for java
         id: scan-java-runner
@@ -133,7 +139,7 @@ jobs:
             
             // Combine outputs from different steps
             const outputs = [
-              { label: 'Java Runner', output: '${{ steps.scan-java-runner.outputs.result }}'; },
+              { label: 'Java Runner', output: '${{ steps.scan-java-runner.outputs.result }}' },
               { label: 'Python Runner', output: '${{ steps.scan-python-runner.outputs.result }}' },
               { label: 'Go Runner', output: '${{ steps.scan-go-runner.outputs.result }}' },
               { label: 'Java Runner with Pulsarctl', output: '${{ steps.scan-java-pulsarctl-runner.outputs.result }}' },
@@ -146,8 +152,7 @@ jobs:
             combinedMessage = `${uniqueIdentifier}\n\n` + combinedMessage; // Add unique identifier to the message
 
             const issue_number = context.issue.number;
-            const octokit = github.getOctokit(process.env.GITHUB_TOKEN);
-            const { data: comments } = await octokit.rest.issues.listComments({
+            const { data: comments } = await github.rest.issues.listComments({
               ...context.repo,
               issue_number: issue_number,
             });
@@ -157,13 +162,13 @@ jobs:
 
             // Update or create comment
             if (existingComment) {
-              await octokit.rest.issues.updateComment({
+              await github.rest.issues.updateComment({
                 ...context.repo,
                 comment_id: existingComment.id,
                 body: combinedMessage
               });
             } else {
-              await octokit.rest.issues.createComment({
+              await github.rest.issues.createComment({
                 ...context.repo,
                 issue_number: issue_number,
                 body: combinedMessage

diff --git a/images/pulsar-functions-base-runner/Dockerfile b/images/pulsar-functions-base-runner/Dockerfile
@@ -48,7 +48,7 @@ RUN echo "VERSION_TAG=${VERSION_TAG}" && \
     apk update && apk add --no-cache $JRE_PACKAGE_NAME bash
 
 COPY --from=pulsar --chown=$UID:$GID /pulsar/conf /pulsar/conf
-COPY --from=pulsar --chown=$UID:$GID /pulsar/bin /pulsar/bin
+COPY --from=pulsar --chown=$UID:$GID /pulsar/bin/pulsar-admin /pulsar/bin/pulsar-admin
 COPY --from=pulsar --chown=$UID:$GID /pulsar/lib /pulsar/lib
 
 # remove the vertx jar since it's not need ans has a cve