Remove github action that clean up container packages (#20)

MinBZK · May 23, 2024 · fd01d3e · fd01d3e
2 parents 0517827 + c3e51da
commit fd01d3e
Show file tree

Hide file tree

Showing 7 changed files with 98 additions and 773 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -51,7 +51,7 @@ jobs:
       - name: Install poetry
         run: pipx install poetry
 
-      - name: Set up Python ${{ env.PYTHON_VERSION }}
+      - name: Set up Python ${{ env.python-version }}
         uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION }}
@@ -60,30 +60,15 @@ jobs:
       - name: Install dependencies
         run: poetry install
 
-      - name: Generate SBOM
-        run: poetry run cyclonedx-py poetry --without test,dev > sbom.json
-
-      - name: Generate licenses file
-        run: |
-          poetry run pip-licenses  --order=license --format=json --with-description > licenses.txt
-
-      - name: Upload SBOM and licenses
-        uses: actions/upload-artifact@v4
-        with:
-          name: sbom-licenses-${{ github.sha }}.json
-          path: |
-            sbom.json
-            licenses.txt
-          if-no-files-found: error
-          overwrite: true
+      - name: check licenses used by project in pyproject.toml
+        run: poetry run liccheck -s pyproject.toml
 
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
-          scan-type: 'fs'
-          scan-ref: '.'
           trivy-config: trivy.yaml
-
+          scan-type: fs
+          scan-ref: '.'
   test:
     runs-on: ubuntu-latest
     strategy:
@@ -186,11 +171,10 @@ jobs:
           annotations: ${{ steps.meta.outputs.annotations }}
           platforms: linux/amd64,linux/arm64,darwin/amd64
 
-      - name: Run Trivy vulnerability scanner
+      - name: Run Trivy vulnerability scanner sarif
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: ${{ steps.meta.outputs.tags }}
-          trivy-config: trivy.yaml
           scan-type: image
           exit-code: 0
           format: 'sarif'
@@ -204,6 +188,41 @@ jobs:
         with:
           sarif_file: 'trivy-results.sarif'
 
+      - name: Run Trivy SBOM
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ steps.meta.outputs.tags }}
+          scan-type: image
+          exit-code: 0
+          format: 'cyclonedx'
+          output: 'trivy-sbom.json'
+          list-all-pkgs: "true"
+        env:
+          TRIVY_USERNAME: ${{ github.actor }}
+          TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run Trivy license scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ steps.meta.outputs.tags }}
+          scan-type: image
+          scanners: 'license'
+          exit-code: 0
+          output: 'trivy-license.json'
+        env:
+          TRIVY_USERNAME: ${{ github.actor }}
+          TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Upload SBOM & License
+        uses: actions/upload-artifact@v4
+        with:
+          name: sbom-licence-${{ github.sha }}.json
+          path: |
+            trivy-sbom.json
+            trivy-license.json
+          if-no-files-found: error
+          overwrite: true
+
   notifyMattermost:
     runs-on: ubuntu-latest
     needs: [lint, security, test, build ]

diff --git a/.github/workflows/cleanup-package-schedule.yml b/.github/workflows/cleanup-package-schedule.yml
diff --git a/.github/workflows/pr-close.yml b/.github/workflows/pr-close.yml