Move security audit checks to a daily schedule [SAME VERSION] #264

Merged
merged 7 commits into from Mar 11, 2021
9 changes: 0 additions & 9 deletions .github/workflows/check-rust.yml
@@ -20,15 +20,6 @@ env:
CARGO_TERM_COLOR: always

jobs:
security_audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: actions-rs/audit-check@v1
with:
# token is only used for creating the audit report and does not impact the
# functionality or success/failure of the job in case the token is unavailable
token: ${{ secrets.GITHUB_TOKEN }}
build:
runs-on: ubuntu-latest
timeout-minutes: 30
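Review bot: Deleting the `security_audit` job here removes the only audit that ran on pull requests, so a PR that adds a dependency with a known advisory will now merge cleanly and only surface in the next nightly run (up to 24 hours later). If that trade-off is intended for this PR, it is worth stating it in the PR description or the contributor docs so reviewers know to check the nightly workflow's mail rather than expecting a red check on the PR; otherwise keep a non-blocking audit step here alongside the scheduled one.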
Expand Down
43 changes: 43 additions & 0 deletions .github/workflows/security-audit.yml
@@ -0,0 +1,43 @@
# This is a security audit workflow that runs security audit checks and send an email in case any vulnerabilities are detected.

name: Security Audit
on:
schedule:
- cron: '0 0 * * *' #runs daily at 12:00 am UTC

jobs:
security_audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Run security audit check
id: cargo-audit
if: github.repository == 'deislabs/akri' # only run on main repo and not forks
continue-on-error: true
uses: actions-rs/audit-check@v1
with:
# token is only used for creating the audit report and does not impact the
# functionality or success/failure of the job in case the token is unavailable
token: ${{ secrets.GITHUB_TOKEN }}

# sends an email if security audit failed
- name: Send mail
if: steps.cargo-audit.outcome != 'success' && github.repository == 'deislabs/akri' # only run on main repo and not forks
uses: dawidd6/action-send-mail@v2
with:
server_address: smtp-mail.outlook.com
server_port: 587
username: ${{secrets.AKRI_BOT_EMAIL}}
password: ${{secrets.AKRI_BOT_PASSWORD}}
subject: "Security vulnerability detected in ${{github.repository}}"
body: |-
A security vulnerability was detected in one or more of Akri's dependencies. For more details, check the output of the [security audit workflow](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}})

Hint: In most cases, running the [auto-update dependencies](https://github.com/deislabs/akri/actions/workflows/auto-update-dependencies.yml) workflow will fix the issue.

-Your friendly Akri bot 🤖
to: ${{secrets.AKRI_TEAM_EMAIL}}
from: ${{secrets.AKRI_BOT_EMAIL}}
content_type: text/html
convert_markdown: true
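Review bot: The `Send mail` step hands `AKRI_BOT_PASSWORD` and the team address to `dawidd6/action-send-mail@v2`, and `actions-rs/audit-check@v1` receives `GITHUB_TOKEN`; both are referenced by mutable major-version tags, so a compromised or force-updated tag would run with those secrets. Pinning each third-party action to a full commit SHA (with the version in a trailing comment) closes that gap. Two smaller points on the same step: the condition `steps.cargo-audit.outcome != 'success'` is also true when the audit step fails for reasons unrelated to an advisory (network error, `cargo audit` crash, cancellation), so the fixed subject line "Security vulnerability detected" can be misleading; consider `outcome == 'failure'` plus a body sentence that says to confirm in the linked run. And with only a `schedule` trigger there is no way to exercise the mail path on demand; adding `workflow_dispatch:` under `on:` would let the team verify the SMTP credentials without waiting for midnight UTC.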