diff options
| author | Kamen Mladenov <kamen@syndamia.com> | 2024-08-25 21:00:53 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-25 21:00:53 +0300 |
| commit | ba6698dae0934c56160d224bd498f94c781eb9b6 (patch) | |
| tree | f495c0f11297caab7ceaf0fa146b722b0284156a /.github/workflows/ci.yml | |
| parent | 4d0ac908168730e3d52758746ab532ec000b44bc (diff) | |
| download | pico-web-0.2.3.tar pico-web-0.2.3.tar.gz pico-web-0.2.3.zip | |
Dev (#27)v0.2.3
* fix(README): Updated all TODO anchors (#25)
* feat(ci/cd): Move Trivy testing into ci, from cd
* fix(ci): Typo in needs value
* fix(ci): docker build bad arguments
* fix(ci): Download dev build artifacts in trivy dev test
* fix(ci): Fixed trivy dev test build artifacts path
Diffstat (limited to '.github/workflows/ci.yml')
| -rw-r--r-- | .github/workflows/ci.yml | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5cf4541..9c6d707 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -60,3 +60,65 @@ jobs: with: name: dev-build-files path: ./build + + Trivy-dev-test: + runs-on: ubuntu-latest + needs: Build + permissions: + security-events: write + steps: + - uses: actions/download-artifact@v3 + with: + name: source-code + path: . + - uses: actions/download-artifact@v3 + with: + name: dev-build-files + path: ./build + - uses: docker/setup-buildx-action@v1 + - run: docker build -t pico-web-dev -f ./docker/dev/Dockerfile . + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: pico-web-dev + format: 'sarif' + output: 'trivy-results.sarif' + exit-code: 0 + ignore-unfixed: true + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' + sha: ${{ github.sha }} + ref: ${{ github.ref }} + + Trivy-prod-test: + runs-on: ubuntu-latest + needs: Build + permissions: + security-events: write + steps: + - uses: actions/download-artifact@v3 + with: + name: source-code + path: . + - uses: docker/setup-buildx-action@v1 + - run: docker build -t pico-web -f ./docker/prod/Dockerfile . + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: pico-web + format: 'sarif' + output: 'trivy-results.sarif' + exit-code: 0 + ignore-unfixed: true + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' + sha: ${{ github.sha }} + ref: ${{ github.ref }} |