From 07bd5c82875bcb32083b8353ea9eb9f1ab3a7826 Mon Sep 17 00:00:00 2001
From: mkelcik
Date: Sat, 29 Apr 2023 12:56:19 +0200
Subject: [PATCH] github action + minor refactor
---
 .github/workflows/image-scanner.yml | 62 ++++++++++++++--------------
 .github/workflows/quality-checks.yml | 19 +++++++++
 2 files changed, 50 insertions(+), 31 deletions(-)
diff --git a/.github/workflows/image-scanner.yml b/.github/workflows/image-scanner.yml
index 9d48ac0..9142c88 100644
--- a/.github/workflows/image-scanner.yml
+++ b/.github/workflows/image-scanner.yml
@@ -1,31 +1,31 @@
-name: build
-on:
- workflow_run:
- workflows: [ "Code check" ]
- types:
- - completed
-jobs:
- on-failure:
- runs-on: ubuntu-latest
- if: ${{ github.event.workflow_run.conclusion == 'failure' }}
- steps:
- - run: echo 'The triggering workflow failed'
- build:
- name: Image vulnerability scanner
- if: ${{ github.event.workflow_run.conclusion == 'success' }}
- runs-on: ubuntu-20.04
- steps:
- - name: Checkout code
- uses: actions/checkout@v2
- - name: Build an image from Dockerfile
- run: |
- docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
- format: 'table'
- exit-code: '1'
- ignore-unfixed: true
- vuln-type: 'os,library'
- severity: 'CRITICAL,HIGH'
\ No newline at end of file
+#name: build
+#on:
+# workflow_run:
+# workflows: [ "Code check" ]
+# types:
+# - completed
+#jobs:
+# on-failure:
+# runs-on: ubuntu-latest
+# if: ${{ github.event.workflow_run.conclusion == 'failure' }}
+# steps:
+# - run: echo 'The triggering workflow failed'
+# build:
+# name: Image vulnerability scanner
+# if: ${{ github.event.workflow_run.conclusion == 'success' }}
+# runs-on: ubuntu-20.04
+# steps:
+# - name: Checkout code
+# uses: actions/checkout@v2
+# - name: Build an image from Dockerfile
+# run: |
+# docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
+# - name: Run Trivy vulnerability scanner
+# uses: aquasecurity/trivy-action@master
+# with:
+# image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
+# format: 'table'
+# exit-code: '1'
+# ignore-unfixed: true
+# vuln-type: 'os,library'
+# severity: 'CRITICAL,HIGH'
\ No newline at end of file
diff --git a/.github/workflows/quality-checks.yml b/.github/workflows/quality-checks.yml
index 084043f..8d32a12 100644
--- a/.github/workflows/quality-checks.yml
+++ b/.github/workflows/quality-checks.yml
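Review bot: `.github/workflows/image-scanner.yml` is kept as a fully commented-out file rather than removed; since the scan job now lives in `quality-checks.yml`, deleting the file is cleaner, and git history still holds the old `workflow_run` version. A workflow file with no `on:` or `jobs:` keys may also be reported by GitHub as an invalid workflow, which is worth confirming in the Actions tab. If the file has to stay as a reference, a single top comment such as `# Disabled: scan moved to quality-checks.yml (job "build")` would say why it is inert.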
@@ -76,3 +76,22 @@ jobs:
 echo "Failed"
 exit 1
 fi
+ build:
+ name: Image vulnerability scanner
+ needs: [docker-lint, golangci]
+ runs-on: ubuntu-20.04
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ - name: Build an image from Dockerfile
+ run: |
+ docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ vuln-type: 'os,library'
+ severity: 'CRITICAL,HIGH'
\ No newline at end of file
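Review bot: The Trivy step in the new `build` job uses `aquasecurity/trivy-action@master`, a mutable branch ref, so any commit pushed to that branch runs inside this job without review; pin it to a reviewed full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`. The job also declares no `permissions:`; unless the workflow sets them above this hunk, add `permissions:` with `contents: read` so the image build and the scanner only receive a read-only token. `ignore-unfixed: true` hides CRITICAL/HIGH findings that have no patch yet, so a one-line comment stating that this is deliberate would help the next reader. The hunk begins inside an earlier job's shell step, so the workflow's triggers and top-level settings are not visible here.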