Spaces:
Sleeping
Sleeping
| name: Security Scan | |
| on: | |
| schedule: | |
| - cron: '0 0 * * 0' # 每周运行一次 | |
| workflow_dispatch: | |
| jobs: | |
| check-repository: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| is_original: ${{ steps.check.outputs.is_original }} | |
| steps: | |
| - id: check | |
| run: | | |
| if [ "${{ github.repository }}" = "ErlichLiu/DeepClaude" ]; then | |
| echo "is_original=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "is_original=false" >> $GITHUB_OUTPUT | |
| fi | |
| scan: | |
| needs: check-repository | |
| if: needs.check-repository.outputs.is_original == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set lowercase variables | |
| run: | | |
| OWNER_LOWER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]') | |
| REPO_NAME_LOWER=$(echo "${{ github.event.repository.name }}" | tr '[:upper:]' '[:lower:]') | |
| echo "OWNER_LOWER=$OWNER_LOWER" >> $GITHUB_ENV | |
| echo "REPO_NAME_LOWER=$REPO_NAME_LOWER" >> $GITHUB_ENV | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ghcr.io/${{ env.OWNER_LOWER }}/${{ env.REPO_NAME_LOWER }}:latest | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| severity: 'CRITICAL' |