PSRT GHSA Bot #17051
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "PSRT GHSA Bot" | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "0 * * * *" | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: psrt-ghsa-bot | |
| cancel-in-progress: false | |
| jobs: | |
| cron: | |
| runs-on: ubuntu-latest | |
| name: "Run PSRT GHSA Bot" | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - name: Set up uv | |
| uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 | |
| with: | |
| enable-cache: true | |
| - name: Set up Python | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version-file: "pyproject.toml" | |
| - name: Install dependencies | |
| run: uv sync --locked --no-editable --no-dev | |
| - name: Run bot | |
| run: uv run python src/psrt_ghsa_bot/app.py | |
| env: | |
| GH_CLIENT_ID: ${{ vars.GH_CLIENT_ID }} | |
| GH_CLIENT_SECRET: ${{ secrets.GH_CLIENT_SECRET }} | |
| GH_CLIENT_PRIVATE_KEY: ${{ secrets.GH_CLIENT_PRIVATE_KEY }} | |
| CVE_USERNAME: ${{ vars.CVE_USERNAME }} | |
| CVE_API_KEY: ${{ secrets.CVE_API_KEY }} | |
| CVE_ENV: ${{ vars.CVE_ENV }} | |
| SENTRY_DSN: ${{ github.event_name == 'schedule' && secrets.SENTRY_DSN || '' }} |