Fix gh command that closes the issue when all vulnerabilities are fixed

Signed-off-by: Sascha Schwarze <[email protected]>
shipwright-io · Jan 10, 2025 · 9537c71 · 9537c71
1 parent a3db753
commit 9537c71
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/.github/report-release-vulnerabilities.sh b/.github/report-release-vulnerabilities.sh
@@ -111,7 +111,6 @@ assignees="$(dyff json OWNERS | jq -r '.approvers | join(",")')"
 issues="$(gh issue list --label release-vulnerabilities --json number)"
 
 if [ "$(jq length <<<"${issues}")" == "0" ]; then
-
   if [ "${hasVulnerabilities}" == "true" ]; then
     # create new issue
     echo "[INFO] Creating new issue"
@@ -133,7 +132,9 @@ else
       --add-assignee "${assignees}" \
       --body-file /tmp/report.md
   else
-    gh issue close --reason "No vulnerabilities found in the latest release ${RELEASE_TAG}"
+    gh issue close "${issueNumber}" \
+      --comment  "No vulnerabilities found in the latest release ${RELEASE_TAG}" \
+      --reason completed
   fi
 fi
 

diff --git a/.github/workflows/report-release-vulnerabilities.yaml b/.github/workflows/report-release-vulnerabilities.yaml
@@ -5,6 +5,10 @@ name: Report release vulnerabilities
 on:
   schedule:
     - cron: '0 4 * * *' # 4:00 am UTC = 1 hour after base image build
+  release:
+    types:
+      - edited
+      - published
   workflow_dispatch: {}
 jobs:
   report-vulnerabilities: