Skip to content
Ingest to BigQuery

traefik-3.2/GHSA-c5q2-7r4c-mv6g advisory update (#9082) #4402

Sign in to view logs

traefik-3.2/GHSA-c5q2-7r4c-mv6g advisory update (#9082)

traefik-3.2/GHSA-c5q2-7r4c-mv6g advisory update (#9082) #4402

Workflow file for this run

.github/workflows/bigquery-ingestion.yaml at b88157c
name: Ingest to BigQuery
on:
push:
branches:
- main
workflow_dispatch:
permissions:
contents: read
jobs:
ingest:
name: Ingest to BigQuery
runs-on: ubuntu-latest
if: github.repository == 'wolfi-dev/advisories'
permissions:
id-token: write
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: auth
name: 'Authenticate to Google Cloud'
uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
with:
workload_identity_provider: "projects/618116202522/locations/global/workloadIdentityPools/prod-shared-e350/providers/prod-shared-gha"
service_account: "[email protected]"
- uses: google-github-actions/setup-gcloud@f0990588f1e5b5af6827153b93673613abdc6ec7 # v2.1.1
with:
project_id: prod-images-c6e5
- name: 'Ingest to BigQuery'
run: |
gcloud info
gcloud run jobs execute --region us-central1 cve-advisory-cron
- name: Post failure notice to Slack
uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990 # ratchet:rtCamp/[email protected]
if: ${{ failure() }}
env:
SLACK_ICON: http://github.com/chainguard-dev.png?size=48
SLACK_USERNAME: guardian
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_CHANNEL: 'eng-squad-lifecycle-alerts'
SLACK_COLOR: '#8E1600'
MSG_MINIMAL: 'true'
SLACK_TITLE: Ingest to BigQuery for ${{ github.repository }} failed!
SLACK_MESSAGE: |
For detailed logs: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}