authorSyndamia <kamen@syndamia.com>2024-08-13 14:55:25 +0300
committerSyndamia <kamen@syndamia.com>2024-08-13 14:55:25 +0300
commit09ccf73bb5fe8ac2bf665c8a61980d0b7137e4f7 (patch)
tree093715f9511b29ce4583fac1d53c718d0767d990 /.github/workflows
parent7e26ccf5311d3c68a13b693c5e2b05c61e31f398 (diff)
feat(cd*): Added trivy scanning
Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/cd-dev.yml18
-rw-r--r--.github/workflows/cd.yml21
2 files changed, 36 insertions, 3 deletions
diff --git a/.github/workflows/cd-dev.yml b/.github/workflows/cd-dev.yml
index 9610ca9..2390770 100644
--- a/.github/workflows/cd-dev.yml
+++ b/.github/workflows/cd-dev.yml
@@ -10,7 +10,6 @@ jobs:
Create-and-release-dev-container:
name: Build the dev docker container image and push it to dockerhub
runs-on: ubuntu-latest
- needs: Build
steps:
- uses: actions/checkout@v4
- uses: dawidd6/action-download-artifact@v6
@@ -29,3 +28,20 @@ jobs:
context: .
file: ./docker/dev/Dockerfile
tags: ${{ secrets.DOCKERHUB_USERNAME }}/pico-web-dev:latest
+
+ Test-Trivy:
+ name: Scan development docker container with trivy
+ runs-on: ubuntu-latest
+ needs: Create-and-release-dev-container
+ steps:
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@0.20.0
+ with:
+ image-ref: 'docker.io/${{ secrets.DOCKERHUB_USERNAME }}/pico-web-dev:latest'
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: 'trivy-results.sarif'
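Review bot: The new Test-Trivy job cannot fail on findings, because the trivy-action step sets only `format`/`output`, and it runs only after the image is already published (`needs: Create-and-release-dev-container`), so a vulnerable `pico-web-dev:latest` reaches Docker Hub whatever the scan reports; the Test-Trivy job added to cd.yml in this commit has the same shape. To make the scan a gate, add `exit-code: '1'` and `severity: 'CRITICAL,HIGH'` under `with:`, and give the upload step `if: always()` so the SARIF still reaches the Security tab when the scan step fails; moving the scan before the push, or scanning the pushed digest rather than the mutable `:latest` tag, would keep a failing image off the registry. The upload-sarif step also needs `security-events: write` in the workflow's `permissions`, which is outside this hunk, so I can't tell whether it is granted. Separately, dropping `needs: Build` at line `- needs: Build` while the job still starts with `dawidd6/action-download-artifact@v6` looks like it could download an artifact from an earlier run rather than the current build; worth confirming that is intended.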
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 2419fe2..221acc2 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -22,10 +22,27 @@ jobs:
file: ./docker/prod/Dockerfile
tags: ${{ secrets.DOCKERHUB_USERNAME }}/pico-web-server:latest
+ Test-Trivy:
+ name: Scan development docker container with trivy
+ runs-on: ubuntu-latest
+ needs: Build-docker-and-push
+ steps:
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@0.20.0
+ with:
+ image-ref: 'docker.io/${{ secrets.DOCKERHUB_USERNAME }}/pico-web:latest'
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: 'trivy-results.sarif'
+
Release:
name: Make github release
runs-on: ubuntu-latest
- needs: Build-docker-and-push
+ needs: Test-Trivy
steps:
- uses: actions/checkout@v4
- uses: rymndhng/release-on-push-action@master
@@ -38,7 +55,7 @@ jobs:
Deploy-kubernetes:
name: Deploy kubernetes cluster locally to an action
runs-on: ubuntu-latest
- needs: Build-docker-and-push
+ needs: Test-Trivy
steps:
# Setup dependencies
- name: Install socat
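Review bot: The job name in the first hunk, `name: Scan development docker container with trivy`, was copied from cd-dev.yml but this job scans the production image `pico-web:latest`; rename it to `name: Scan production docker container with trivy` so the Actions UI and Security tab entries are not misleading. Making Release and Deploy-kubernetes depend on Test-Trivy only gates them on the scan step completing, not on its findings, unless the trivy-action step is given a non-zero `exit-code`, so the new `needs: Test-Trivy` lines currently add latency without adding a control. Both new steps are pinned to mutable tags (`aquasecurity/trivy-action@0.20.0`, `github/codeql-action/upload-sarif@v2`); pinning to full commit SHAs is the usual supply-chain hardening for third-party actions, and `github/codeql-action` v3 is the current major for the upload step. The same applies to the identical steps added in cd-dev.yml.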