FE: Add Search Functionality to ACLs page #488
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Infra: CVE checks" | |
| on: | |
| pull_request: | |
| types: [ "opened", "reopened", "synchronize" ] | |
| push: | |
| branches: [ "main" ] | |
| workflow_dispatch: | |
| schedule: | |
| # * is a special character in YAML so you have to quote this string | |
| - cron: '0 8 15 * *' | |
| permissions: | |
| contents: read | |
| jobs: | |
| check-cves: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 | |
| with: | |
| token: ${{ github.token }} | |
| - name: Set up JDK | |
| uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # infered from @v4 | |
| with: | |
| java-version: '21' | |
| distribution: 'zulu' | |
| cache: 'gradle' | |
| - name: Build project | |
| id: build | |
| run: | | |
| ./gradlew clean build \ | |
| -x test \ | |
| -Pbuild-docker-images=true \ | |
| -Pinclude-frontend=true \ | |
| -Pversion=latest | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # infered from @v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # infered from @v3 | |
| - name: Cache Docker layers | |
| uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # infered from @v4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Build docker image | |
| uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # infered from @v6 | |
| with: | |
| builder: ${{ steps.buildx.outputs.name }} | |
| context: api | |
| platforms: linux/amd64 | |
| push: false | |
| load: true | |
| tags: | | |
| ghcr.io/kafbat/kafka-ui:latest | |
| build-args: | | |
| JAR_FILE=build/libs/api-latest.jar | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| - name: Run CVE checks | |
| uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # infered from @v0.29.0 | |
| with: | |
| image-ref: "ghcr.io/kafbat/kafka-ui:latest" | |
| format: "table" | |
| exit-code: "1" | |
| notify: | |
| needs: check-cves | |
| if: ${{ always() && needs.build-and-test.result == 'failure' && github.event_name == 'schedule' }} | |
| uses: ./.github/workflows/infra_discord_hook.yml | |
| with: | |
| message: "Attention! CVE checks run failed! Please fix them CVEs :(" | |
| secrets: | |
| DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL_CVE }} |