Skip to content

chore(deps): bump elgohr/Publish-Docker-Github-Action from 3.04 to 5 #182

chore(deps): bump elgohr/Publish-Docker-Github-Action from 3.04 to 5

chore(deps): bump elgohr/Publish-Docker-Github-Action from 3.04 to 5 #182

Workflow file for this run

on: pull_request
name: dockerfile linting
jobs:
golanglint:
name: golang lint
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
- uses: hazcod/action-golangci-lint@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
directory: healthcheck
dockerfilelint:
name: dockerfile lint
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
- name: hadolint
uses: burdzwastaken/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HADOLINT_ACTION_DOCKERFILE_FOLDER: .
dockerbuild:
name: docker build
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
- name: extract tag
id: vars
run: echo ::set-output name=nginx_version::$(grep '^FROM nginx' Dockerfile | cut -d ' ' -f 2 | cut -d ':' -f 2)
- name: docker build
run: docker build . --file Dockerfile --tag image:${{ steps.vars.outputs.nginx_version }}
dockerscan:
name: docker security scan
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
- name: docker build
run: docker build . --file Dockerfile --tag image
- name: cached scan db
uses: actions/[email protected]
with:
path: vulndb/
key: trivy-vulndb
- name: run security scan
env:
DISTRO: debian
run: |
docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock \
-v "$(pwd)/vulndb/":/root/.cache/ \
aquasec/trivy --severity HIGH,CRITICAL,MEDIUM --no-progress --only-update $DISTRO --ignore-unfixed --exit-code 1 --cache-dir /root/.cache/ image
docker run --rm -v "$(pwd)/vulndb/":/root/.cache/ alpine:latest chmod 777 -R /root/.cache/