improve CI caching

mjacoby · mjacoby · commit 772b79066360 · 2026-04-21T13:49:25.000+02:00
diff --git a/.github/workflows/cvd-database-update-scheduled.yml b/.github/workflows/cvd-database-update-scheduled.yml
@@ -0,0 +1,35 @@
+name: CVE Database Update Scheduled
+
+on:
+  schedule:
+    # Every day at 4 AM UTC
+    - cron: '0 4 * * *'
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Get Date
+      id: get-date
+      run: |
+        echo "date=$(/bin/date -u "+%Y-%m-%dT%H:%M:%S")" >> $GITHUB_OUTPUT
+      shell: bash
+
+    - name: Restore Cache - CVE Database
+      uses: actions/cache@v5
+      with:
+        path: |
+          ~/.m2/repository/org/owasp/dependency-check-data
+        key: ${{ runner.os }}-maven-owasp-cvedb-${{ steps.get-date.outputs.date }}
+        restore-keys: ${{ runner.os }}-maven-owasp-cvedb
+
+    - name: Update CVE Database
+      env:
+        OWASP_OSS_INDEX_USERNAME: ${{ secrets.OWASP_OSS_INDEX_USERNAME }}
+        OWASP_OSS_INDEX_APIKEY: ${{ secrets.OWASP_OSS_INDEX_APIKEY }}
+        NIST_NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }}
+      run: |
+        mvn -B -P owasp -DnvdApiDelay=6000 --settings maven-ci-settings.xml org.owasp:dependency-check-maven:update-only
diff --git a/.github/workflows/maven-build-pr.yml b/.github/workflows/maven-build-pr.yml
@@ -17,8 +17,8 @@ jobs:
         # Disabling shallow clone is recommended for improving relevancy of reporting
         fetch-depth: 0
 
-    - name: Cache maven repository
-      uses: actions/cache@v5
+    - name: Restore Cache - Maven Repository
+      uses: actions/cache/restore@v5
       with:
         path: |
           ~/.m2/repository
@@ -51,27 +51,25 @@ jobs:
       run: |
         mvn install sonar:sonar -P coverage -Dsonar.projectKey=FraunhoferIOSB_FAAAST-Service --settings maven-ci-settings.xml -B
 
-    - name: Restore CVD Database from Cache
-      uses: actions/cache/restore@v5
-      with:
-        path: |
-          ~/.m2/repository/org/owasp/dependency-check-data
-        key: ${{ runner.os }}-maven-owasp-cvedb
-
-    - name: Update CVD Database
-      env:
-        OWASP_OSS_INDEX_USERNAME: ${{ secrets.OWASP_OSS_INDEX_USERNAME }}
-        OWASP_OSS_INDEX_APIKEY: ${{ secrets.OWASP_OSS_INDEX_APIKEY }}
-        NIST_NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }}
+    - name: Get Date
+      id: get-date
       run: |
-        mvn -B -P owasp -DnvdApiDelay=6000 --settings maven-ci-settings.xml org.owasp:dependency-check-maven:update-only
+        echo "date=$(/bin/date -u "+%Y-%m-%dT%H:%M:%S")" >> $GITHUB_OUTPUT
+      shell: bash
 
-    - name: Save CVD Database to Cache
-      uses: actions/cache/save@v5
+    - name: Restore Cache - CVE Database
+      uses: actions/cache/restore@v5
       with:
         path: |
           ~/.m2/repository/org/owasp/dependency-check-data
-        key: ${{ runner.os }}-maven-owasp-cvedb
+        key: ${{ runner.os }}-maven-owasp-cvedb-${{ steps.get-date.outputs.date }}
+        restore-keys: ${{ runner.os }}-maven-owasp-cvedb
+
+    - name: Fail if cache not restored
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore OWASP CVE Database - run update manually"
+          exit 1
 
     - name: Dependency Vulnerability Check with OWASP
       env:
diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml
@@ -18,7 +18,7 @@ jobs:
         # Disabling shallow clone is recommended for improving relevancy of reporting
         fetch-depth: 0
 
-    - name: Cache maven repository
+    - name: Cache -  Maven Repository
       uses: actions/cache@v5
       with:
         path: |
@@ -49,27 +49,34 @@ jobs:
       run: |
         mvn install sonar:sonar -P coverage -Dsonar.projectKey=FraunhoferIOSB_FAAAST-Service --settings maven-ci-settings.xml -B
 
-    - name: Restore CVD Database from Cache
+    - name: Get Date
+      id: get-date
+      run: |
+        echo "date=$(/bin/date -u "+%Y-%m-%dT%H:%M:%S")" >> $GITHUB_OUTPUT
+      shell: bash
+
+    - name: Restore Cache - CVE Database
       uses: actions/cache/restore@v5
       with:
         path: |
           ~/.m2/repository/org/owasp/dependency-check-data
-        key: ${{ runner.os }}-maven-owasp-cvedb
+        key: ${{ runner.os }}-maven-owasp-cvedb-${{ steps.get-date.outputs.date }}
+        restore-keys: ${{ runner.os }}-maven-owasp-cvedb
 
-    - name: Update CVD Database
+    - name: Update CVE Database
       env:
         OWASP_OSS_INDEX_USERNAME: ${{ secrets.OWASP_OSS_INDEX_USERNAME }}
         OWASP_OSS_INDEX_APIKEY: ${{ secrets.OWASP_OSS_INDEX_APIKEY }}
         NIST_NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }}
       run: |
         mvn -B -P owasp -DnvdApiDelay=6000 --settings maven-ci-settings.xml org.owasp:dependency-check-maven:update-only
 
-    - name: Save CVD Database to Cache
+    - name: Save Cache - CVE Database
       uses: actions/cache/save@v5
       with:
         path: |
           ~/.m2/repository/org/owasp/dependency-check-data
-        key: ${{ runner.os }}-maven-owasp-cvedb
+        key: ${{ runner.os }}-maven-owasp-cvedb-${{ steps.get-date.outputs.date }}
 
     - name: Dependency Vulnerability Check with OWASP
       env:
diff --git a/.github/workflows/maven-deploy.yml b/.github/workflows/maven-deploy.yml
@@ -28,7 +28,7 @@ jobs:
     - name: Checkout Source
       uses: actions/checkout@v6
 
-    - name: Cache maven repository
+    - name: Cache - Maven Repository
       uses: actions/cache@v5
       with:
         path: ~/.m2/repository
@@ -59,35 +59,6 @@ jobs:
       run: |
         mvn install -P test --settings maven-ci-settings.xml -B
 
-    - name: Restore CVD Database from Cache
-      uses: actions/cache/restore@v5
-      with:
-        path: |
-          ~/.m2/repository/org/owasp/dependency-check-data
-        key: ${{ runner.os }}-maven-owasp-cvedb
-
-    - name: Update CVD Database
-      env:
-        OWASP_OSS_INDEX_USERNAME: ${{ secrets.OWASP_OSS_INDEX_USERNAME }}
-        OWASP_OSS_INDEX_APIKEY: ${{ secrets.OWASP_OSS_INDEX_APIKEY }}
-        NIST_NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }}
-      run: |
-        mvn -B -P owasp -DnvdApiDelay=6000 --settings maven-ci-settings.xml org.owasp:dependency-check-maven:update-only
-
-    - name: Save CVD Database to Cache
-      uses: actions/cache/save@v5
-      with:
-        path: |
-          ~/.m2/repository/org/owasp/dependency-check-data
-        key: ${{ runner.os }}-maven-owasp-cvedb
-
-    - name: Dependency Vulnerability Check with OWASP
-      env:
-        OWASP_OSS_INDEX_USERNAME: ${{ secrets.OWASP_OSS_INDEX_USERNAME }}
-        OWASP_OSS_INDEX_APIKEY: ${{ secrets.OWASP_OSS_INDEX_APIKEY }}
-      run: |
-        mvn org.owasp:dependency-check-maven:aggregate -P owasp --settings maven-ci-settings.xml -B
-
     - name: Build and Deploy with Maven
       env:
         GPG_EXECUTABLE: gpg
