From ba6698dae0934c56160d224bd498f94c781eb9b6 Mon Sep 17 00:00:00 2001 From: Kamen Mladenov Date: Sun, 25 Aug 2024 21:00:53 +0300 Subject: Dev (#27) * fix(README): Updated all TODO anchors (#25) * feat(ci/cd): Move Trivy testing into ci, from cd * fix(ci): Typo in needs value * fix(ci): docker build bad arguments * fix(ci): Download dev build artifacts in trivy dev test * fix(ci): Fixed trivy dev test build artifacts path --- .github/workflows/cd.yml | 27 ++------------------------- 1 file changed, 2 insertions(+), 25 deletions(-) (limited to '.github/workflows/cd.yml') diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 103717d..2419fe2 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -22,33 +22,10 @@ jobs: file: ./docker/prod/Dockerfile tags: ${{ secrets.DOCKERHUB_USERNAME }}/pico-web-server:latest - Test-Trivy: - name: Scan production docker container with trivy - runs-on: ubuntu-latest - needs: Build-docker-and-push - permissions: - security-events: write - steps: - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: ${{ secrets.DOCKERHUB_USERNAME }}/pico-web-server:latest - format: 'sarif' - output: 'trivy-results.sarif' - exit-code: 0 - ignore-unfixed: true - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'trivy-results.sarif' - sha: ${{ github.sha }} - ref: ${{ github.ref }} - Release: name: Make github release runs-on: ubuntu-latest - needs: Test-Trivy + needs: Build-docker-and-push steps: - uses: actions/checkout@v4 - uses: rymndhng/release-on-push-action@master @@ -61,7 +38,7 @@ jobs: Deploy-kubernetes: name: Deploy kubernetes cluster locally to an action runs-on: ubuntu-latest - needs: Test-Trivy + needs: Build-docker-and-push steps: # Setup dependencies - name: Install socat -- cgit v1.2.3