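# Runs the PSRT GHSA bot once an hour, and on demand via manual dispatch.
name: "PSRT GHSA Bot"

on:
  # NOTE(review): a manual dispatch can be started on any ref by a user with
  # write access, and every secret below except SENTRY_DSN is passed for both
  # event types. Binding the job to a deployment environment with a branch
  # restriction would limit the secrets to runs of the default branch.
  workflow_dispatch:
  schedule:
    # Minute 0 of every hour (GitHub evaluates cron schedules in UTC).
    - cron: "0 * * * *"

# Least privilege for the built-in GITHUB_TOKEN: repository contents,
# read-only. The bot's own credentials are supplied through the env block of
# the last step instead.
permissions:
  contents: read

# One run at a time. With cancel-in-progress disabled, a new run waits for the
# in-progress one instead of interrupting it midway.
concurrency:
  group: psrt-ghsa-bot
  cancel-in-progress: false

jobs:
  cron:
    runs-on: ubuntu-latest
    name: "Run PSRT GHSA Bot"
    # Bounds how long a hung run can hold the concurrency group.
    timeout-minutes: 10
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the tag that SHA is expected to correspond to.
      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0
        with:
          # Keep the checkout token out of .git/config so later steps cannot
          # read it from the working tree.
          persist-credentials: false

      - name: Set up uv
        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39  # v8.2.0
        with:
          # NOTE(review): the restored cache feeds the environment that later
          # receives the secrets below. If other workflows in this repository
          # can write to the same cache scope, consider disabling the cache
          # for this job.
          enable-cache: true

      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6.2.0
        with:
          python-version-file: "pyproject.toml"

      - name: Install dependencies
        # --locked fails the step if the lockfile is out of date rather than
        # re-resolving; --no-dev keeps development-only packages out of the
        # environment.
        run: uv sync --locked --no-editable --no-dev

      - name: Run bot
        # `uv run` re-syncs the project environment by default, including the
        # dev group, which would undo the --no-dev/--no-editable install
        # above. --no-sync keeps this secret-bearing step on exactly the
        # locked set installed by the previous step.
        run: uv run --no-sync python src/psrt_ghsa_bot/app.py
        # Credentials are scoped to this step only; the setup and install
        # steps never see them.
        env:
          GH_CLIENT_ID: ${{ vars.GH_CLIENT_ID }}
          GH_CLIENT_SECRET: ${{ secrets.GH_CLIENT_SECRET }}
          GH_CLIENT_PRIVATE_KEY: ${{ secrets.GH_CLIENT_PRIVATE_KEY }}
          CVE_USERNAME: ${{ vars.CVE_USERNAME }}
          CVE_API_KEY: ${{ secrets.CVE_API_KEY }}
          CVE_ENV: ${{ vars.CVE_ENV }}
          CVE_ENABLED_REPOS: ${{ vars.CVE_ENABLED_REPOS }}
          GH_REQUIRED_ORG: ${{ vars.GH_REQUIRED_ORG }}
          # The DSN is only provided on scheduled runs; a manual dispatch gets
          # an empty string.
          SENTRY_DSN: ${{ github.event_name == 'schedule' && secrets.SENTRY_DSN || '' }}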