authorAstound <kirito@disroot.org>2024-07-16 12:22:32 +0800
committerAstound <kirito@disroot.org>2024-07-16 12:22:32 +0800
commitcd5f00f5415aa68eda1644399b86c75b580cfd57 (patch)
tree24a08ccc69c6242d2ab37fdc434c7f7850888d3d
parent883d7e794e93fd75b383cad85b1c84bef2036731 (diff)
Add trivy scan
-rw-r--r--.gitea/workflows/release.yaml28
1 files changed, 26 insertions, 2 deletions
diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml
index 7770b5a..60112a1 100644
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -30,7 +30,8 @@ jobs:
username: ${{ secrets.DOCKER_REGISTRY_USER }}
password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
- - name: Build and push
+ - name: Build Docker image
+ id: build-image
uses: docker/build-push-action@v6
with:
context: gitolite-cgit
@@ -38,7 +39,30 @@ jobs:
platforms: |
linux/amd64
linux/386
- push: true
+ push: false
no-cache: true
tags: |
rusian/gitolite-cgit:latest
+
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: rusian/gitolite-cgit:latest
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ vuln-type: 'os'
+ severity: 'CRITICAL,HIGH'
+
+ - name: Push Docker image
+ uses: docker/build-push-action@v6
+ with:
+ context: gitolite-cgit
+ file: gitolite-cgit/Dockerfile
+ platforms: |
+ linux/amd64
+ linux/386
+ push: true
+ no-cache: false
+ tags: |
+ rusian/gitolite-cgit:latest
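Review bot: `uses: aquasecurity/trivy-action@master` pins the new gating step to a mutable branch, so whatever that branch points at on a given run executes inside a job that already holds `DOCKER_REGISTRY_USER`/`DOCKER_REGISTRY_PASSWORD` and decides whether the push proceeds; pin it to a full commit SHA with the release noted in a comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`, in the same spirit as the versioned `docker/build-push-action@v6` used on either side of it. Separately, the first build step now runs with `push: false` and two platforms but no `load: true`, so the built image does not appear to land in the local daemon, and `image-ref: rusian/gitolite-cgit:latest` most likely makes Trivy pull the previously published `latest` from the registry — the gate would then evaluate the old image rather than the one the final step rebuilds and pushes. Consider scanning what was actually built, e.g. export a single-platform build with `outputs: type=docker,dest=<path>` (or an OCI archive) and hand it to Trivy via `input:`, or push under a candidate tag, scan `steps.build-image.outputs.digest`, and only then move `latest`; as written the new `id: build-image` is never referenced. The enclosing `jobs:` block and the registry login step begin before this hunk.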