diff --git a/.github/workflows/cd-dgraph.yml b/.github/workflows/cd-dgraph.yml
index 9c2192cf3ac..abf422aeb9f 100644
--- a/.github/workflows/cd-dgraph.yml
+++ b/.github/workflows/cd-dgraph.yml
@@ -81,12 +81,6 @@ jobs:
 badger/badger-linux-amd64.tar.gz
 dgraph/dgraph-checksum-linux-amd64.sha256
 dgraph/dgraph-linux-amd64.tar.gz
- - name: Move Badger Binary into Linux Directory
- run: |
- tar -xzf badger/badger-linux-amd64.tar.gz --directory badger
- [ -d "linux" ] || mkdir linux
- # linux directory will be added to docker image in build step
- cp badger/badger-linux-amd64 linux/badger
 - name: Make Dgraph Docker Image
 run: |
 set -e
@@ -181,12 +175,6 @@ jobs:
 badger/badger-linux-arm64.tar.gz
 dgraph/dgraph-checksum-linux-arm64.sha256
 dgraph/dgraph-linux-arm64.tar.gz
- - name: Move Badger Binary into Linux Directory
- run: |
- tar -xzf badger/badger-linux-arm64.tar.gz --directory badger
- [ -d "linux" ] || mkdir linux
- # linux directory will be added to docker image in build step
- cp badger/badger-linux-arm64 linux/badger
 - name: Make Dgraph Docker Image
 run: |
 set -e
diff --git a/.github/workflows/ci-dgraph-nightly-cves.yml b/.github/workflows/ci-dgraph-nightly-cves.yml
new file mode 100644
index 00000000000..77185166876
--- /dev/null
+++ b/.github/workflows/ci-dgraph-nightly-cves.yml
@@ -0,0 +1,41 @@
+name: ci-dgraph-nightly-cves
+
+on:
+ schedule:
+ - cron: 0 0 * * * # Run daily at midnight UTC
+ workflow_dispatch: # Allow manual trigger
+
+permissions:
+ contents: read
+
+jobs:
+ cve-scan:
+ runs-on: blacksmith-4vcpu-ubuntu-2404
+ timeout-minutes: 30
+ steps:
+ - name: Checkout main branch
+ uses: actions/checkout@v5
+ with:
+ ref: main
+
+ - name: Set up Go
+ uses: actions/setup-go@v6
+ with:
+ go-version-file: go.mod
+
+ - name: Build Dgraph
+ run: make dgraph
+
+ - name: Build Docker image
+ run: |
+ mkdir -p linux
+ cp ./dgraph/dgraph ./linux/dgraph
+ docker build -f contrib/Dockerfile -t dgraph/dgraph:nightly-scan .
+
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: dgraph/dgraph:nightly-scan
+ format: table
+ exit-code: 1
+ severity: CRITICAL,HIGH
diff --git a/go.mod b/go.mod
index 24730ba5ec9..0b24234b99c 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/dgraph-io/dgraph/v25

-go 1.25.6
+go 1.25.7

 require (
 contrib.go.opencensus.io/exporter/prometheus v0.4.2
@@ -73,7 +73,7 @@ require (
 )

 require (
- filippo.io/edwards25519 v1.1.0 // indirect
+ filippo.io/edwards25519 v1.1.1 // indirect
 github.com/Microsoft/go-winio v0.6.2 // indirect
 github.com/agnivade/levenshtein v1.2.1 // indirect
 github.com/bahlo/generic-list-go v0.2.0 // indirect
diff --git a/go.sum b/go.sum
index b5d45e84c01..986346eb339 100644
--- a/go.sum
+++ b/go.sum
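Review bot: `uses: aquasecurity/trivy-action@master` in the new `.github/workflows/ci-dgraph-nightly-cves.yml` follows a mutable branch, so any commit pushed there executes in this scheduled job without review; pin it to a full commit SHA and keep the release in a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha> # <release-tag>`. `actions/checkout@v5` and `actions/setup-go@v6` are movable tags as well and would benefit from the same pinning. The top-level `permissions: contents: read` already limits the token, and adding `persist-credentials: false` under the checkout step's `with:` would avoid leaving that token persisted in the workspace while the third-party action runs. With `exit-code: 1` and no `ignore-unfixed: true`, the nightly run will also stay red on HIGH/CRITICAL findings that have no fix available yet, which tends to train people to ignore it.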
@@ -33,8 +33,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 contrib.go.opencensus.io/exporter/prometheus v0.4.2 h1:sqfsYl5GIY/L570iT+l93ehxaWJs2/OwXtiWwew3oAg= contrib.go.opencensus.io/exporter/prometheus v0.4.2/go.mod h1:dvEHbiKmgvbr5pjaF9fpw1KeYcjrnC1J8B+JKjsZyRQ= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= -filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= +filippo.io/edwards25519 v1.1.1 h1:YpjwWWlNmGIDyXOn8zLzqiD+9TyIlPhGFG96P39uBpw= +filippo.io/edwards25519 v1.1.1/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= github.com/99designs/gqlgen v0.13.0/go.mod h1:NV130r6f4tpRWuAI+zsrSdooO/eWUv+Gyyoi3rEfXIk= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=