Generate cve report

Signed-off-by: Tamal Saha <tamal@appscode.com>

Author: tamalsaha

.github/workflows/cve-report.yml

@@ -0,0 +1,73 @@
+name: cve-report
+
+on:
+  schedule:
+    - cron: '0 17 * * *'
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  report:
+    name: Report
+    runs-on: ubuntu-24.04
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: '1.23'
+
+    - name: Prepare git
+      env:
+        GITHUB_USER: 1gtm
+        GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }}
+      run: |
+        set -x
+        git config --global user.name "1gtm"
+        git config --global user.email "1gtm@appscode.com"
+        git config --global \
+          url."https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com".insteadOf \
+          "https://github.com"
+        # git remote set-url origin https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git
+
+    - name: Install trivy
+      run: |
+        # wget https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-64bit.deb
+        # sudo dpkg -i trivy_0.18.3_Linux-64bit.deb
+        sudo apt-get install -y --no-install-recommends wget apt-transport-https gnupg lsb-release
+        wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
+        echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
+        sudo apt-get update
+        sudo apt-get install -y --no-install-recommends trivy
+
+    - name: Install image packer
+      run: |
+        cd /tmp
+        curl -fsSL -O https://github.com/kmodules/image-packer/releases/latest/download/image-packer-linux-amd64.tar.gz
+        tar -xvf image-packer-linux-amd64.tar.gz
+        chmod +x image-packer-linux-amd64
+        sudo mv image-packer-linux-amd64 /usr/local/bin/image-packer
+
+    - name: Generate report
+      run: |
+        image-packer generate-cve-report \
+            --output-dir=catalog \
+            --src=catalog/imagelist.yaml
+        git add catalog/README.md || true
+        git commit -s -a -m "Update cve report $(date --rfc-3339=date)"
+
+    - name: Create Pull Request
+      uses: peter-evans/create-pull-request@v6
+      with:
+        token: ${{ secrets.LGTM_GITHUB_TOKEN }}
+        title: Update cve report
+        branch: update-cve-report
+        delete-branch: true
+        add-paths: |
+          catalog/README.md
+        labels: |
+          automerge