Merge pull request #174 from OmegaSquad82/OmegaSquad82-patch-1

fix: build-image should run when it has changed
OmegaSquad82 · Feb 5, 2025 · ae10f26 · ae10f26
2 parents e1b2802 + 5aa28c4
commit ae10f26
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 29 deletions.
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
@@ -2,11 +2,9 @@ name: build-image
 on:
   workflow_dispatch: # allow manually triggering builds
   push:
-    branches:
-      - main
     paths-ignore:
-      - 'release-please.yml'
-      - 'vulnerability-scan.yml'
+      - '**/release-please.yml'
+      - '**/vulnerability-scan.yml'
       - "**.md"
       - "**/.gitkeep"
       - "build-isos"
@@ -198,25 +196,8 @@ jobs:
         run: |
           echo "${{ toJSON(steps.push.outputs) }}"
 
-      # Vulnerability Analysis
-      - name: Generate SARIF for Custom Image with Trivy
-        uses: aquasecurity/trivy-action@0.29.0
+      # Free and Open Source Software license scanning
+      - name: Run GitHub Action for ORT
+        uses: oss-review-toolkit/ort-ci-github-action@v1
         with:
-          format: sarif
-          github-pat: ${{ github.token }}
-          image-ref: ${{ env.IMAGE_NAME }}
-          output: trivy-results.sarif
-          scan-type: image
-          scanners: vuln
-          severity: MEDIUM,HIGH,CRITICAL
-        env:
-          TRIVY_USERNAME: ${{ github.actor }}
-          TRIVY_PASSWORD: ${{ github.token }}
-        if: env.IS_DEFAULT == 'true'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          category: trivy-${{ matrix.package }}
-          sarif_file: trivy-results.sarif
-        if: env.IS_DEFAULT == 'true'
+          sw-name: ${{ matrix.package }}
diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
@@ -6,8 +6,8 @@ on:
         # (50 minutes after custom image build was triggered, then every 6h)
   push:
     paths-ignore:
-      - 'build-image.yml'
-      - 'release-please.yml'
+      - '**/build-image.yml'
+      - '**/release-please.yml'
       - "**.md"
       - "**/.gitkeep"
       - "build-isos"
@@ -40,8 +40,8 @@ jobs:
       - name: Force repository owner to lowercase
         run: echo "IMAGE_REF=ghcr.io/${REPO_OWNER@L}/${{ matrix.package }}" >> ${GITHUB_ENV}
 
-      - name: Wait up to 5m to compensate for rate limiting
-        run: sleep $((RANDOM % 300))
+      - name: Wait up to 3m to compensate for rate limiting
+        run: sleep $((RANDOM % 180))
 
       - name: Generate SARIF for Custom Image with Trivy
         uses: aquasecurity/[email protected]