Skip to content

Commit 64e9d95

Browse files
kylecarbskylecarbs
committed
chore: migrate security checks to run on a cron
They were taking a long time and seemed to be reducing concurrency for our other CI actions.
1 parent 7a8ccda commit 64e9d95

File tree

1 file changed

+24
-8
lines changed

1 file changed

+24
-8
lines changed

.github/workflows/security.yaml

+24-8
Original file line numberDiff line numberDiff line change
@@ -6,17 +6,11 @@ permissions:
66
security-events: write
77

88
on:
9-
push:
10-
branches: ["main"]
11-
12-
pull_request:
13-
branches: ["main"]
14-
159
workflow_dispatch:
1610

1711
schedule:
18-
# Run every week at 10:24 on Thursday.
19-
- cron: "24 10 * * 4"
12+
# Run every 6 hours Monday-Friday!
13+
- cron: "0 0,6,12,18 * * 1-5"
2014

2115
# Cancel in-progress runs for pull requests when developers push
2216
# additional changes
@@ -59,6 +53,17 @@ jobs:
5953
- name: Perform CodeQL Analysis
6054
uses: github/codeql-action/analyze@v2
6155

56+
- name: Send Slack notification on failure
57+
if: ${{ failure() }}
58+
run: |
59+
msg="❌ CodeQL Failed\n\nhttps://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
60+
curl \
61+
-qfsSL \
62+
-X POST \
63+
-H "Content-Type: application/json" \
64+
--data "{\"content\": \"$msg\"}" \
65+
"${{ secrets.SLACK_SECURITY_FAILURE_WEBHOOK_URL }}"
66+
6267
trivy:
6368
runs-on: ${{ github.repository_owner == 'coder' && 'ubuntu-latest-8-cores' || 'ubuntu-latest' }}
6469
steps:
@@ -135,3 +140,14 @@ jobs:
135140
name: trivy
136141
path: trivy-results.sarif
137142
retention-days: 7
143+
144+
- name: Send Slack notification on failure
145+
if: ${{ failure() }}
146+
run: |
147+
msg="❌ CodeQL Failed\n\nhttps://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
148+
curl \
149+
-qfsSL \
150+
-X POST \
151+
-H "Content-Type: application/json" \
152+
--data "{\"content\": \"$msg\"}" \
153+
"${{ secrets.SLACK_SECURITY_FAILURE_WEBHOOK_URL }}"

0 commit comments

Comments
 (0)