[isar-cip-core,3/3] .gitlab-ci.yml: Add cve-checks job which runs when a tag is pushed

Message ID 20231221120423.2388639-4-Sai.Sathujoda@toshiba-tsip.com (mailing list archive)
State Superseded
Series Generate CVE-reports during a tag release

Commit Message

Sai.Sathujoda@toshiba-tsip.com Dec. 21, 2023, 12:04 p.m. UTC
From: Sai Sathujoda <Sai.Sathujoda@toshiba-tsip.com>

The cve-checks job generates the latest CVE reports using the cve_checker.py
script in the debian-cve-checker container.

Signed-off-by: Sai Sathujoda <Sai.Sathujoda@toshiba-tsip.com>
---
 .gitlab-ci.yml | 7 +++++++
 1 file changed, 7 insertions(+)

Patch

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1de6570..b8422be 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -63,6 +63,13 @@  default:
     - if [ "${deploy}" = "enable" ]; then scripts/deploy-cip-core.sh ${release} ${target} ${extension} ${dtb} ${CI_COMMIT_REF_SLUG}; fi
     - if [ "${deploy_kernelci}" = "enable" ]; then scripts/deploy-kernelci.py ${release} ${target} ${extension} ${dtb}; fi
 
+cve-checks:
+  image: registry.gitlab.com/cip-playground/debian-cve-checker:latest
+  script:
+    - scripts/run-cve-checks.sh
+  only:
+    - tags
+
 # base image
 build:simatic-ipc227e-base:
   extends:
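
Review bot: The `image:` line of the new cve-checks job pulls `registry.gitlab.com/cip-playground/debian-cve-checker:latest`, a mutable tag, so the container that produces the CVE report for a release tag can change from one run to the next and cannot be traced back to a specific image. Suggest pinning to a versioned tag or an `@sha256:` digest so a report can be reproduced for a given release. The job also declares no `artifacts:` section; unless scripts/run-cve-checks.sh publishes the reports itself, they are lost when the job ends, so consider adding `artifacts:` with `paths:` for the report output. Minor: `only: - tags` could be expressed as `rules: - if: $CI_COMMIT_TAG`, which GitLab recommends over `only`.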