From 8d8e77657367220a7381ea9e0ab333500eb52b69 Mon Sep 17 00:00:00 2001
From: Paul Mars
Date: Tue, 7 Apr 2026 11:51:16 +0200
Subject: [PATCH 1/2] ci: set specific name on arch-specific results
---
 .github/workflows/security.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 017c21b3..4a3b2dee 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -15,7 +15,7 @@ jobs:
 # architecture-specific vulnerabilities.
 arch: [amd64, arm, arm64, ppc64le, s390x, riscv64]
 env:
- TRIVY_RESULTS: 'trivy-results.sarif'
+ TRIVY_RESULTS: 'trivy-results.${{ matrix.arch }}.sarif'
 SCAN_DIR: 'release-scan'
 steps:
 - name: Download and extract latest release
@@ -45,6 +45,7 @@ jobs:
 uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
 with:
 sarif_file: ${{ env.TRIVY_RESULTS }}
+ token: ${{ secrets.ROCKSBOT_CHISEL_SECURITY_EVENTS }}
 - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
 if: ${{ !cancelled() }}
From 2f791544fd84c7e15de31bd94ba4dcadbbb02e1b Mon Sep 17 00:00:00 2001
From: Paul Mars
Date: Tue, 7 Apr 2026 13:42:01 +0200
Subject: [PATCH 2/2] ci: add manual trigger to test
---
 .github/workflows/security.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 4a3b2dee..a0fe2e9e 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -3,6 +3,7 @@ name: Security
 on:
 schedule:
 - cron: "0 1 * * *"
+ workflow_dispatch:
 jobs:
 scan:
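Review bot: The `token:` line added to the upload-sarif step (second hunk of PATCH 1/2) replaces the per-run default token with a stored secret, and neither the workflow nor the commit subject, which only mentions result naming, says why or what that credential is allowed to do. I would put a comment above it along the lines of `# Needs only code-scanning (security events) write; <reason the default GITHUB_TOKEN is not used>` and confirm the secret is scoped to exactly that, since it outlives any single run. If the secret is unset where the workflow runs, the expression presumably expands to an empty string and overrides the action's default, so the upload would fail rather than fall back. The step begins above the hunk, so any `permissions:` block or `if:` guard on it is not visible here.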
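Review bot: `workflow_dispatch:` in PATCH 2/2 is described in the subject as a test aid, yet once merged it is a permanent entry point that can be started from any branch picked in the UI, and such a run executes that branch's copy of this workflow with the upload token from PATCH 1/2 in scope. If the trigger is meant to stay, a comment such as `# Manual trigger for on-demand re-scans; run from the default branch` would record the intent; if it was only needed to verify the token, it should be dropped before merge. Results uploaded from a non-default ref would likely be attributed to that ref in code scanning, so a ref condition on the upload step may be worth considering. The rest of the `on:` block and the job body lie outside this hunk.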