From c9d4dc14f61bb1913021f2747c80e87515784360 Mon Sep 17 00:00:00 2001
From: Daniela Plascencia
Date: Tue, 15 Oct 2024 16:16:33 +0200
Subject: [PATCH 1/3] ci: enable scheduled trivy scanner and report vulnerabilities as GH issues

This workflow enables a scheduled scanner (that can also be run from a workflow dispatch) to scan images using the trivy scanner. At the same time, enables the automatic creation/edition of Github issues when a vulnerability is found. Fixes #55
---
 .github/workflows/scan_images.yaml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 .github/workflows/scan_images.yaml

diff --git a/.github/workflows/scan_images.yaml b/.github/workflows/scan_images.yaml
new file mode 100644
index 0000000..8d90d5d
--- /dev/null
+++ b/.github/workflows/scan_images.yaml
@@ -0,0 +1,21 @@
+name: Scan images
+
+ on:
+ schedule:
+ - cron: '00 23 * * *'
+ workflow_dispatch:
+
+ jobs:
+
+ on-push:
+ name: Get rocks modified and build-scan-test-publish them
+ uses: canonical/charmed-kubeflow-workflows/.github/workflows/get-published-images-scan-and-report.yaml@main
+ strategy:
+ matrix:
+ branch: [main, track/0.15, track/0.16]
+ secrets:
+ GH_TOKEN: ${{ secrets.GH_TOKEN }}
+ with:
+ report-vulnerabilities: true
+ severity: "HIGH,CRITICAL"
+ branch: ${{ matrix.branch }}

From 60260ecfb457f0070aa74e084eafc0c41259f4aa Mon Sep 17 00:00:00 2001
From: Daniela Plascencia
Date: Wed, 16 Oct 2024 09:59:38 +0200
Subject: [PATCH 2/3] skip: fix name of job

---
 .github/workflows/scan_images.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/scan_images.yaml b/.github/workflows/scan_images.yaml
index 8d90d5d..acca1be 100644
--- a/.github/workflows/scan_images.yaml
+++ b/.github/workflows/scan_images.yaml
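Review bot: The reusable workflow reference `uses: canonical/charmed-kubeflow-workflows/.github/workflows/get-published-images-scan-and-report.yaml@main` is pinned to a mutable branch, so this scheduled job executes whatever that repository's `main` contains on a given night and hands it `secrets.GH_TOKEN`; an unreviewed or compromised change upstream would run here with that token without any change to this repository, even within the same organisation. Pin the reference to a full commit SHA (or at least a release tag) and let Dependabot keep it current, e.g. `uses: canonical/charmed-kubeflow-workflows/.github/workflows/get-published-images-scan-and-report.yaml@<commit-sha>  # <release-tag>`. The file also sets no top-level `permissions:`; if the called workflow only relies on the explicitly passed `GH_TOKEN` (which I cannot confirm from this hunk), adding `permissions: {}` or the minimal set it actually uses keeps the default `GITHUB_TOKEN` from carrying write scopes the job does not need. The job id and name are renamed in the second patch of this series, so neither is a point here.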
@@ -7,8 +7,8 @@ on:
 jobs:
- on-push:
- name: Get rocks modified and build-scan-test-publish them
+ scan-images:
+ name: Scan published images and report vulnerabilities
 uses: canonical/charmed-kubeflow-workflows/.github/workflows/get-published-images-scan-and-report.yaml@main
 strategy:
 matrix:

From e82a4eadfad1c6de4f5304a7703e30bcd9aabbcc Mon Sep 17 00:00:00 2001
From: Daniela Plascencia
Date: Wed, 16 Oct 2024 11:35:32 +0200
Subject: [PATCH 3/3] skip: frix branch

---
 .github/workflows/scan_images.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/scan_images.yaml b/.github/workflows/scan_images.yaml
index acca1be..40b3c5c 100644
--- a/.github/workflows/scan_images.yaml
+++ b/.github/workflows/scan_images.yaml
@@ -12,7 +12,7 @@ jobs:
 uses: canonical/charmed-kubeflow-workflows/.github/workflows/get-published-images-scan-and-report.yaml@main
 strategy:
 matrix:
- branch: [main, track/0.15, track/0.16]
+ branch: [main, track/0.16]
 secrets:
 GH_TOKEN: ${{ secrets.GH_TOKEN }}
 with:
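Review bot: Dropping `track/0.15` from the `branch:` matrix in the third patch silently ends vulnerability scanning and issue reporting for images published from that branch, and neither the diff nor the commit subject (`skip: frix branch`, presumably "fix") says why. If that track has reached end of support, state it in the commit message and record the policy next to the list, e.g. `# release branches still in support; remove a track only once it is end-of-life`, so the next person editing the matrix knows which branches are expected here. If the track is still supported, the entry should stay, since no other job in this file scans it. The second patch only renames the job and needs nothing further.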