Diffstat (limited to '.gitea/workflows')
-rw-r--r-- | .gitea/workflows/release.yaml | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml
index 7770b5a..60112a1 100644
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -30,7 +30,8 @@ jobs:
 username: ${{ secrets.DOCKER_REGISTRY_USER }}
 password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}

- - name: Build and push
+ - name: Build Docker image
+ id: build-image
 uses: docker/build-push-action@v6
 with:
 context: gitolite-cgit
@@ -38,7 +39,30 @@ jobs:
 platforms: |
 linux/amd64
 linux/386
- push: true
+ push: false
 no-cache: true
 tags: |
 rusian/gitolite-cgit:latest
+
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: rusian/gitolite-cgit:latest
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ vuln-type: 'os'
+ severity: 'CRITICAL,HIGH'
+
+ - name: Push Docker image
+ uses: docker/build-push-action@v6
+ with:
+ context: gitolite-cgit
+ file: gitolite-cgit/Dockerfile
+ platforms: |
+ linux/amd64
+ linux/386
+ push: true
+ no-cache: false
+ tags: |
+ rusian/gitolite-cgit:latest |
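Review bot: The Trivy step probably does not scan the image this run just built: the build step sets `push: false` for two platforms and, in the lines shown, has neither `load: true` nor an `outputs` entry, so the result stays in the builder cache and `image-ref: rusian/gitolite-cgit:latest` resolves to whatever the local daemon or the registry already holds, most likely the previous release. A gate that checks the old image lets a newly vulnerable build through and can block the build that fixes a finding. One option is to build a single loadable platform for the scan, `platforms: linux/amd64` with `load: true`, and leave the multi-platform build to the push step; that step rebuilds, so the pushed layers match the scanned ones only when the cache is hit. Separately, `aquasecurity/trivy-action@master` is a mutable branch ref that runs after what appears to be the registry login, so pin it to a full commit SHA, `uses: aquasecurity/trivy-action@<full-commit-sha>`. The job's earlier steps are outside the hunk, so the builder setup cannot be confirmed from here.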