diff options
author | Astound <kirito@disroot.org> | 2024-07-16 12:22:32 +0800 |
---|---|---|
committer | Astound <kirito@disroot.org> | 2024-07-16 12:22:32 +0800 |
commit | cd5f00f5415aa68eda1644399b86c75b580cfd57 (patch) | |
tree | 24a08ccc69c6242d2ab37fdc434c7f7850888d3d /.gitea | |
parent | 883d7e794e93fd75b383cad85b1c84bef2036731 (diff) | |
download | gitolite-cgit-docker-cd5f00f5415aa68eda1644399b86c75b580cfd57.tar.lz gitolite-cgit-docker-cd5f00f5415aa68eda1644399b86c75b580cfd57.tar.xz gitolite-cgit-docker-cd5f00f5415aa68eda1644399b86c75b580cfd57.zip |
Add trivy scan
Diffstat (limited to '.gitea')
-rw-r--r-- | .gitea/workflows/release.yaml | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml index 7770b5a..60112a1 100644 --- a/.gitea/workflows/release.yaml +++ b/.gitea/workflows/release.yaml @@ -30,7 +30,8 @@ jobs: username: ${{ secrets.DOCKER_REGISTRY_USER }} password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }} - - name: Build and push + - name: Build Docker image + id: build-image uses: docker/build-push-action@v6 with: context: gitolite-cgit @@ -38,7 +39,30 @@ jobs: platforms: | linux/amd64 linux/386 - push: true + push: false no-cache: true tags: | rusian/gitolite-cgit:latest + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: rusian/gitolite-cgit:latest + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os' + severity: 'CRITICAL,HIGH' + + - name: Push Docker image + uses: docker/build-push-action@v6 + with: + context: gitolite-cgit + file: gitolite-cgit/Dockerfile + platforms: | + linux/amd64 + linux/386 + push: true + no-cache: false + tags: | + rusian/gitolite-cgit:latest |