Build

Build #366

Workflow file for this run

	name: "Build"
	on:
	push:
	branches:
	- master
	pull_request:
	branches:
	- master
	schedule:
	- cron: '0 0 * * 0'
	workflow_dispatch:

	jobs:
	build_push_check:
	name: Build docker image, publish it and run vuln scanner against it
	permissions:
	contents: read # for actions/checkout to fetch code
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
	packages: write # for image publication to GitHub Packages
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0
	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # 3.11.1
	- name: Login to ghcr.io
	uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # 3.5.0
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Free Disk Space (Ubuntu) # Reclaim disk space for build
	uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
	with:
	docker-images: false # Do not remove locally built images (including trivy scanner)
	- name: Build images
	id: build
	run: ./build
	- name: Test images
	run: ./build --test
	- name: Describe images
	run: ./build --describe >> $GITHUB_STEP_SUMMARY
	- name: Push images
	run: ./build --push
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
	with:
	image-ref: '${{ steps.build.outputs.LATEST_IMAGE_TAG }}'
	format: 'sarif'
	output: 'trivy-results.sarif'
	severity: 'CRITICAL,HIGH'
	limit-severities-for-sarif: true
	env:
	TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
	TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.30.1
	with:
	sarif_file: 'trivy-results.sarif'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Build #366

Workflow file

Build #366

Uh oh!

Jobs

Run details

Workflow file for this run