rmoff commented on code in PR #15430:
URL: https://github.com/apache/iceberg/pull/15430#discussion_r2932246632
##########
.github/workflows/kafka-connect-ci.yml:
##########
@@ -107,3 +104,56 @@ jobs:
name: test logs
path: |
**/build/testlogs
+
+ vulnerability-scan:
+ runs-on: ubuntu-24.04
+ permissions:
+ contents: read
+ security-events: write
+ steps:
+ - uses: actions/checkout@v6
+ - uses: actions/setup-java@v5
+ with:
+ distribution: zulu
+ java-version: 21
+ - uses: actions/cache@v5
+ with:
+ path: |
+ ~/.gradle/caches
+ ~/.gradle/wrapper
+ key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*',
'**/gradle-wrapper.properties') }}
+ restore-keys: ${{ runner.os }}-gradle-
+ - name: Build Kafka Connect distribution
+ run: |
+ ./gradlew -DsparkVersions= -DflinkVersions= -DkafkaVersions=3 \
+ :iceberg-kafka-connect:iceberg-kafka-connect-runtime:distZip \
+ -Pquick=true -x test -x javadoc
+ - name: Unpack distribution for scanning
+ run: |
+ mkdir -p /tmp/kafka-connect-scan
+ unzip
kafka-connect/kafka-connect-runtime/build/distributions/iceberg-kafka-connect-runtime-*.zip
\
+ -d /tmp/kafka-connect-scan
+ - name: Run Trivy vulnerability scan
+ uses: aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518
# v0.34.1
+ with:
+ scan-type: 'fs'
+ scan-ref: '/tmp/kafka-connect-scan'
+ scanners: 'vuln'
+ severity: 'CRITICAL,HIGH'
+ ignore-unfixed: true
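Review bot: the `vulnerability-scan` job asks for `security-events: write`, but nothing in the visible part of this hunk uses it: the Trivy step sets only `scan-type`, `scan-ref`, `scanners`, `severity` and `ignore-unfixed`, with no `format: sarif`/`output` and no follow-up upload step to code scanning. If the rest of the job (not shown here) does not upload SARIF, drop that permission so the job stays at `contents: read`; if it does upload, this point does not apply. Separately, `ignore-unfixed: true` means CRITICAL/HIGH findings with no fixed version available will never surface in this scan; that is a reasonable choice for a gating check, but a one-line comment next to it in the workflow would make the omission clearly intentional for whoever reads the results later.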
Review Comment:
Updated abfb8dcae4e272ab2f70522460c2c71e12781e7f
- A failed step with `continue-on-error: true` shows with an orange/amber warning icon
- The overall job still shows as green
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.