Rumble Vulnerability Data #5

	name: Rumble Vulnerability Data
	on:
	schedule:
	- cron: "1 5 * * *"
	workflow_dispatch:
	push:
	branches: [rumble-vulnerability-data]

	env:
	PROJECT_ID: "${{ secrets.PROJECT_ID }}"
	STORAGE_BUCKET: "${{ secrets.STORAGE_BUCKET }}"
	WORKLOAD_IDENTITY_PROVIDER: "${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}"
	SERVICE_ACCOUNT: "${{ secrets.GH_ACTION_SERVICE_ACCOUNT }}"
	GH_TOKEN: ${{ github.token }}

	defaults:
	run:
	shell: bash
	working-directory: ./tools/rumble

	jobs:
	generate-vulnerability-json:
	runs-on: ubuntu-latest

	permissions:
	contents: write
	id-token: write

	steps:
	- name: 'Checkout default branch to $GITHUB_WORKSPACE dir'
	uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3

	- name: Authenticate to Google Cloud
	id: auth
	uses: google-github-actions/auth@ceee102ec2387dd9e844e01b530ccd4ec87ce955 # v0
	with:
	token_format: 'access_token'
	project_id: "${{ env.PROJECT_ID }}"
	workload_identity_provider: "${{ env.WORKLOAD_IDENTITY_PROVIDER }}"
	service_account: "${{ env.SERVICE_ACCOUNT }}"

	- name: Set up Go
	uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # actions/setup-go@v4
	with:
	go-version: '^1.20.0'

	- name: Fetch latest Grype vulnerability database
	shell: bash
	run: \|
	curl -s \
	$(curl -s https://toolbox-data.anchore.io/grype/databases/listing.json \
	\|jq -r '.available."5" \| .[0] .url') -o- \
	\|tar xvz

	- name: Generate Rumble JSON files
	run: go run .

Provide feedback