github action + minor refactor

2023-04-29 12:56:19 +02:00
parent 3921b648ce
commit 07bd5c8287
2 changed files with 50 additions and 31 deletions
--- a/.github/workflows/image-scanner.yml
+++ b/.github/workflows/image-scanner.yml
@@ -1,31 +1,31 @@
-name: build
+#name: build
-on:
+#on:
-  workflow_run:
+#  workflow_run:
-    workflows: [ "Code check" ]
+#    workflows: [ "Code check" ]
-    types:
+#    types:
-      - completed
+#      - completed
-jobs:
+#jobs:
-  on-failure:
+#  on-failure:
-    runs-on: ubuntu-latest
+#    runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'failure' }}
+#    if: ${{ github.event.workflow_run.conclusion == 'failure' }}
-    steps:
+#    steps:
-      - run: echo 'The triggering workflow failed'
+#      - run: echo 'The triggering workflow failed'
-  build:
+#  build:
-    name: Image vulnerability scanner
+#    name: Image vulnerability scanner
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+#    if: ${{ github.event.workflow_run.conclusion == 'success' }}
-    runs-on: ubuntu-20.04
+#    runs-on: ubuntu-20.04
-    steps:
+#    steps:
-      - name: Checkout code
+#      - name: Checkout code
-        uses: actions/checkout@v2
+#        uses: actions/checkout@v2
-      - name: Build an image from Dockerfile
+#      - name: Build an image from Dockerfile
-        run: |
+#        run: |
-          docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
+#          docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
-      - name: Run Trivy vulnerability scanner
+#      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+#        uses: aquasecurity/trivy-action@master
-        with:
+#        with:
-          image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
+#          image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
-          format: 'table'
+#          format: 'table'
-          exit-code: '1'
+#          exit-code: '1'
-          ignore-unfixed: true
+#          ignore-unfixed: true
-          vuln-type: 'os,library'
+#          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
+#          severity: 'CRITICAL,HIGH'
--- a/.github/workflows/quality-checks.yml
+++ b/.github/workflows/quality-checks.yml
@@ -76,3 +76,22 @@ jobs:
              echo "Failed"
              exit 1
          fi
  build:
    name: Image vulnerability scanner
    needs: [docker-lint, golangci]
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Build an image from Dockerfile
        run: |
          docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'