e-m-b-a · m-1-k-3 · Feb 25, 2023 · Feb 24, 2023 · Feb 24, 2023 · Feb 24, 2023
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -21,5 +21,8 @@ jobs:
           haskell: true
           large-packages: true
           swap-storage: true
-      - name: Build EMBA Docker image
-        run: docker-compose build --no-cache --pull
+      - name: EMBA container build
+        uses: Wandalen/wretry.action@master
+        with:
+          command: docker-compose build --no-cache --pull && ./emba -d -y -j
+          attempt_limit: 3
diff --git a/.github/workflows/snyk_update.yml b/.github/workflows/snyk_update.yml
@@ -0,0 +1,41 @@
+name: Update Snyk database
+
+on:
+  schedule:
+    - cron: '0 0 * * 0' # do it every week
+
+jobs:
+  update_snyk_db:
+    if: github.repository_owner == 'e-m-b-a'
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout Branch
+      uses: actions/checkout@v3
+    - name: Install requirements
+      run: |
+        sudo apt-get update -y
+        sudo apt-get install lynx wget -y
+    - name: update Snyk db
+      run: |
+        ./helpers/snyk_crawler.sh
+    - name: Create Pull Request
+      id: cpr
+      uses: peter-evans/create-pull-request@v4
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        commit-message: Update Snyk database
+        committer: GitHub <noreply@github.com>
+        author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+        signoff: false
+        branch: snyk_update
+        delete-branch: true
+        title: 'Snyk database update'
+        body: |
+          Update report
+          - Updated latest Snyk exploits
+        labels: |
+          db_update
+          automated pr
+        milestone: 0
+        draft: false
diff --git a/.github/workflows/trivy-container-check.yml b/.github/workflows/trivy-container-check.yml
@@ -3,13 +3,12 @@
 # separate terms of service, privacy policy, and support
 # documentation.
 
-name: trivy-image-check
+name: Trivy docker image security check
 
 on:
   schedule:
     - cron: '0 0 * * *' # do it every day
 
-
 permissions:
   contents: read
 

diff --git a/check_project.sh b/check_project.sh
@@ -27,11 +27,12 @@ if [[ "$STRICT_MODE" -eq 1 ]]; then
   trap 'wickStrictModeFail $?' ERR  # The ERR trap is triggered when a script catches an error
 fi
 
-GREEN='\033[0;32m'
-ORANGE='\033[0;33m'
-RED='\033[0;31m'
-BOLD='\033[1m'
-NC='\033[0m' # no color
+export GREEN='\033[0;32m'
+export ORANGE='\033[0;33m'
+export RED='\033[0;31m'
+export BLUE='\033[0;34m'
+export BOLD='\033[1m'
+export NC='\033[0m' # no color
 
 INSTALLER_DIR="./installer"
 HELP_DIR="./helpers"
@@ -173,7 +174,7 @@ check() {
   echo -e "\\n""$GREEN""Run shellcheck and semgrep:""$NC""\\n"
   for SOURCE in "${SOURCES[@]}"; do
     echo -e "\\n""$GREEN""Run ${ORANGE}shellcheck$GREEN on $ORANGE$SOURCE""$NC""\\n"
-    if shellcheck -P "$HELP_DIR":"$MOD_DIR":"$MOD_DIR_LOCAL" -a ./emba "$SOURCE" || [[ $? -ne 1 && $? -ne 2 ]]; then
+    if shellcheck -P "$HELP_DIR":"$MOD_DIR":"$MOD_DIR_LOCAL" "$SOURCE" || [[ $? -ne 1 && $? -ne 2 ]]; then
       echo -e "$GREEN""$BOLD""==> SUCCESS""$NC""\\n"
     else
       echo -e "\\n""$ORANGE""$BOLD""==> FIX ERRORS""$NC""\\n"

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -45,7 +45,6 @@ services:
         - /dev:/dev
         - /lib/modules:/lib/modules:ro
         - /boot:/boot:ro
-          # - /etc/timezone:/etc/timezone:ro
     environment:
         - USER
     devices: