Merge pull request #31 from ironpeakservices/fix/ci
Feature: GitHub Container Registry
hazcod authored Oct 15, 2020
2 parents de71d7c + 7bb8c15 commit 11a93e9
Showing 4 changed files with 98 additions and 38 deletions.
30 changes: 0 additions & 30 deletions .github/workflows/publish.yaml

This file was deleted.

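--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,38 @@
+on:
+push:
+branches:
+- master
+
+name: Publish Image
+jobs:
+dockerpush:
+name: docker build
+runs-on: ubuntu-latest
+steps:
+-
+uses: actions/[email protected]
+-
+uses: go-semantic-release/action@v1
+id: version
+with:
+github-token: ${{ secrets.GITHUB_TOKEN }}
+-
+run: echo "Pushing version ${{ steps.version.outputs.version }}"
+-
+name: Publish to Registry
+uses: elgohr/[email protected]
+with:
+registry: ghcr.io
+name: "ghcr.io/ironpeakservices/iron-cockroachdb:${{ steps.version.outputs.version }}"
+username: hazcod
+password: ${{ secrets.PACKAGE_TOKEN }}
+-
+name: Create GitHub release
+uses: actions/[email protected]
+with:
+tag_name: ${{ steps.version.outputs.version }}
+release_name: iron-cockroachdb
+draft: false
+prerelease: false
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}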
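Review bot: `go-semantic-release/action@v1` and the `elgohr` publish action are referenced by movable tags in a job that hands them `secrets.GITHUB_TOKEN` and `secrets.PACKAGE_TOKEN`, so a retagged upstream release would run with the registry credential. Pin each third-party action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: go-semantic-release/action@<full-commit-sha>  # v1` (placeholder; take the real SHA from the upstream repository). The `run: echo "Pushing version ${{ steps.version.outputs.version }}"` step expands the step output into the script text before the shell runs; passing it through `env: VERSION: ${{ steps.version.outputs.version }}` and echoing `"$VERSION"` keeps it as data.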
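--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -0,0 +1,60 @@
+name: Security
+
+on:
+push:
+branches: [master]
+schedule:
+- cron: '0 11 * * 2'
+
+jobs:
+dockerscan:
+name: Docker Scan
+runs-on: ubuntu-latest
+steps:
+-
+uses: actions/checkout@v1
+-
+name: Set env
+run: echo ::set-env name=RELEASE_VERSION::$(git describe --tags $(git rev-list --tags --max-count=1))
+-
+name: Docker login
+env:
+USER: hazcod
+REGISTRY: docker.pkg.github.com
+run: echo "${{ secrets.PACKAGE_TOKEN }}" | docker login -u "${USER}" --password-stdin "${REGISTRY}"
+-
+name: Docker pull
+run: docker pull "docker.pkg.github.com/ironpeakservices/iron-debian:${{ env.RELEASE_VERSION }}"
+-
+name: Run vulnerability scanner
+uses: aquasecurity/trivy-action@master
+with:
+image-ref: 'docker.pkg.github.com/ironpeakservices/iron-debian:${{ env.RELEASE_VERSION }}'
+format: 'template'
+template: '@/contrib/sarif.tpl'
+output: 'trivy-results.sarif'
+ignore-unfixed: true
+severity: 'CRITICAL,HIGH,MEDIUM'
+-
+name: Upload Trivy scan results to Security tab
+uses: github/codeql-action/upload-sarif@v1
+with:
+sarif_file: 'trivy-results.sarif'
+
+goscan:
+name: Go Scan
+runs-on: ubuntu-latest
+steps:
+-
+uses: actions/checkout@v2
+-
+run: git checkout HEAD^2
+if: ${{ github.event_name == 'pull_request' }}
+-
+name: Initialize CodeQL
+uses: github/codeql-action/init@v1
+with:
+languages: go
+-
+name: Perform CodeQL Analysis
+uses: github/codeql-action/analyze@v1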
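Review bot: The Docker Scan job logs in to, pulls and scans `docker.pkg.github.com/ironpeakservices/iron-debian`, while the release workflow added in this same commit publishes `ghcr.io/ironpeakservices/iron-cockroachdb`, so the image that is actually shipped appears never to be scanned; `REGISTRY`, the `docker pull` argument and `image-ref` should all point at the published image. The `Set env` step relies on the `::set-env` workflow command, which GitHub has since disabled because text printed by a step could set environment variables for later steps; write to the environment file instead: `run: echo "RELEASE_VERSION=$(git describe --tags $(git rev-list --tags --max-count=1))" >> "$GITHUB_ENV"`. `aquasecurity/trivy-action@master` tracks a moving branch and runs after `docker login` has stored the `PACKAGE_TOKEN` credential on the runner, so it should be pinned to a full commit SHA. In `goscan`, the `git checkout HEAD^2` step is conditioned on `pull_request`, but the workflow only triggers on `push` and `schedule`, so that step never runs as written.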
8 changes: 0 additions & 8 deletions .whitesource

This file was deleted.
