telegram vuln notification

.gitea/workflows/vulnscan.yaml

@@ -3,6 +3,7 @@ name: Vulnerability Scan
 on:
   schedule:
     - cron: "0 14 * * *"
+    - cron: "* * * * *"
   workflow_dispatch:
 
 jobs:
@@ -24,6 +25,25 @@ jobs:
           format: "json"
           output: "trivy-results.json"
 
+      - name: count vulns
+        id: vulncount
+        run: |
+          echo "VULNCOUNT=$(jq '.Results[0].Vulnerabilities|length' trivy-results.json)" >> ${GITHUB_OUTPUT}
+          jq '.Results[0].Vulnerabilities|length' trivy-results.json
+
       # if some vulnerability is found, we fail
-      - name: check output
-        run: if [ $(jq '.Results[0].Vulnerabilities|length' trivy-results.json) -ne "0" ] ; then exit 1 ; fi
+ #     - name: check output
+ #       run: if [ $(jq '.Results[0].Vulnerabilities|length' trivy-results.json) -ne "0" ] ; then exit 1 ; fi
+
+      - name: send telegram notification
+  #      if: failure()
+        uses: appleboy/telegram-action@master
+        with:
+          to: ${{ secrets.TELEGRAM_TO }}
+          token: ${{ secrets.TELEGRAM_TOKEN }}
+          format: markdown
+          message: |
+            ciao ${{ steps.vulncount.outputs.VULNCOUNT }}
+#            Found { { steps.vulncount.outputs.stdout }} vulnerabilities in {{ github.repository }}
+
+#    if: steps.build.outcome == 'success'