Skip to content

Adding Advisory CVE-2024-36107 for minio (#5187) #1063

Adding Advisory CVE-2024-36107 for minio (#5187)

Adding Advisory CVE-2024-36107 for minio (#5187) #1063

name: Build and publish OSV
on:
push:
branches:
- main
workflow_dispatch:
permissions:
contents: read
jobs:
build-publish:
name: Build and publish OSV
runs-on: ubuntu-latest
if: github.repository == 'wolfi-dev/advisories'
permissions:
id-token: write
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
egress-policy: audit
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
# this need to point to main to always get the latest action
- uses: wolfi-dev/actions/build-and-publish-osv@main # main
with:
workload_identity_provider: "projects/618116202522/locations/global/workloadIdentityPools/prod-shared-e350/providers/prod-shared-gha"
service_account: "[email protected]"
gcp_project_id: prod-images-c6e5
wolfictl_args: "--ecosystem Wolfi --advisories-repo-dir ."
gcs_apk_bucket_name: wolfi-production-registry-destination
gcs_apk_directory_name: os
- name: Post failure notice to Slack
uses: rtCamp/action-slack-notify@4e5fb42d249be6a45a298f3c9543b111b02f7907 # ratchet:rtCamp/[email protected]
if: ${{ failure() }}
env:
SLACK_ICON: http://github.com/chainguard-dev.png?size=48
SLACK_USERNAME: guardian
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_CHANNEL: 'eng-squad-lifecycle-alerts'
SLACK_COLOR: '#8E1600'
MSG_MINIMAL: 'true'
SLACK_TITLE: Build/Publish YAML for ${{ github.repository }} failed!
SLACK_MESSAGE: |
For detailed logs: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}