ci: restore scan gate on release, block on HIGH/CRITICAL CVE

2026-02-24 10:53:28 +00:00
parent 5f385dce45
commit ac14405af3


@@ -127,7 +127,7 @@ jobs:
format: sarif format: sarif
output: trivy-image-${{ matrix.name }}.sarif output: trivy-image-${{ matrix.name }}.sarif
severity: HIGH,CRITICAL severity: HIGH,CRITICAL
exit-code: 0 # warn only; change to 1 to block on vulnerabilities exit-code: 1 # block release on HIGH/CRITICAL vulnerabilities
- name: Upload Trivy image results to GitHub Security tab - name: Upload Trivy image results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v4 uses: github/codeql-action/upload-sarif@v4
@@ -139,7 +139,7 @@ jobs:
release: release:
name: GitHub Release name: GitHub Release
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: build needs: [build, scan]
permissions: permissions:
contents: write contents: write
packages: read # to pull image for SBOM generation packages: read # to pull image for SBOM generation
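Review bot: Setting `exit-code: 1` on the Trivy step makes that step fail on HIGH/CRITICAL findings, so the next step, `Upload Trivy image results to GitHub Security tab`, is skipped on exactly the runs that produce a SARIF worth uploading, unless that step carries a run condition in the lines below the first hunk. Add `if: always()` (or `if: ${{ !cancelled() }}`) to the upload step so the findings that blocked the release still reach the Security tab and the failure is reviewable without re-running the scan. The new `needs: [build, scan]` in the second hunk gates on the scan job's overall outcome, so the skipped upload does not weaken the gate, only its visibility; the `scan` job id and the rest of the Trivy step configuration are outside both hunks, so I am inferring the step order from the visible lines.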