CVE Freshness Check #16537

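# Freshness monitor: alerts Slack when the repository's latest release is more
# than an hour old, i.e. when the artifact-generation pipeline has stopped
# publishing.
name: CVE Freshness Check

on:
  push:
    branches:
      - main
  schedule:
    # Twice an hour, at minutes 15 and 45.
    - cron: "15,45 * * * *"
  workflow_dispatch:

# Least privilege: the job only needs to read the repository and its releases.
permissions:
  contents: read

jobs:
  pull_latest_release:
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing tag
      # comment is informational only.
      - name: Harden Runner
        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          # audit only records outbound connections, it does not block them.
          # NOTE(review): consider egress-policy: block with an
          # allowed-endpoints list once the audit baseline is known.
          egress-policy: audit

      - name: Checkout repository
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          # No later step runs git, so do not leave the token in .git/config
          # where the third-party actions below could read it.
          persist-credentials: false

      - name: Get latest release
        id: get_latest_release
        uses: octokit/request-action@dad4362715b7fb2ddedf9772c8670824af564f0d # v2.4.0
        with:
          route: GET /repos/${{ github.repository }}/releases/latest
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Check release time
        id: check_release_time
        env:
          # Hand the API value to the script through the environment instead of
          # expanding ${{ }} inside the script text, so the value is always
          # treated as data and never parsed as shell.
          RELEASE_TIME: ${{ fromJson(steps.get_latest_release.outputs.data).published_at }}
        run: |
          current_time=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
          release_time="$RELEASE_TIME"
          echo "Current time: $current_time"
          echo "Release time: $release_time"
          current_time_epoch=$(date -d "$current_time" +%s)
          release_time_epoch=$(date -d "$release_time" +%s)
          time_diff=$((current_time_epoch - release_time_epoch))
          echo "Time difference: $time_diff seconds"
          # The ::set-output workflow command is deprecated; step outputs are
          # written to the $GITHUB_OUTPUT file instead.
          echo "time_diff=$time_diff" >> "$GITHUB_OUTPUT"

      # Step outputs are strings; the expression engine coerces the value to a
      # number for the comparison with 3600.
      # NOTE(review): this step is skipped when an earlier step fails, so a
      # failing API call or date parse produces no alert - confirm that failed
      # runs of this workflow are watched some other way.
      - name: Send Slack message if release > 3600 seconds
        if: steps.check_release_time.outputs.time_diff > 3600
        uses: slackapi/slack-github-action@16b6c78ee73689a627b65332b34e5d409c7299da # v1.18.0
        with:
          # NOTE(review): this workflow has no pull_request trigger, so the
          # github.event.pull_request.html_url / github.event.head.html_url
          # expression below presumably renders empty - confirm and drop or
          # replace it.
          payload: |
            {
              "text": "failure\n${{ github.event.pull_request.html_url || github.event.head.html_url }}",
              "blocks": [
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": "<!subteam^S09HZCQL7DG>, security artifacts generation result: failure\nhttps://github.com/fleetdm/vulnerabilities/actions/runs/${{ github.run_id }}\nSee https://github.com/fleetdm/vulnerabilities/actions?query=is%3Afailure for failure details\n${{ github.event.pull_request.html_url || github.event.head.html_url }}"
                  }
                }
              ]
            }
        env:
          # The webhook URL is a credential: it stays in repository secrets.
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_G_HELP_P1_WEBHOOK_URL }}
          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK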