updating security scan as required before build and issue creation for findings
Security / security (push) Failing after 54s
Security / security (push) Failing after 54s
This commit is contained in:
@@ -1,31 +1,25 @@
|
||||
name: Build and Push Docker Image
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- "**"
|
||||
workflow_run:
|
||||
workflows:
|
||||
- Security
|
||||
types:
|
||||
- completed
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
if: ${{ gitea.event.workflow_run.event == 'push' && gitea.event.workflow_run.conclusion == 'success' }}
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
# - name: Run Trivy vulnerability scanner in repo mode
|
||||
# uses: aquasecurity/trivy-action@v0.36.0
|
||||
# with:
|
||||
# scan-type: 'fs'
|
||||
# ignore-unfixed: true
|
||||
# format: 'sarif'
|
||||
# output: 'trivy-results.sarif'
|
||||
# severity: 'CRITICAL'
|
||||
|
||||
# - name: Upload Trivy scan results to GitHub Security tab
|
||||
# uses: github/codeql-action/upload-sarif@v4
|
||||
# with:
|
||||
# sarif_file: 'trivy-results.sarif'
|
||||
with:
|
||||
ref: ${{ gitea.event.workflow_run.head_sha }}
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
@@ -39,7 +33,7 @@ jobs:
|
||||
- name: Compute image tag
|
||||
id: tag
|
||||
run: |
|
||||
BRANCH="${{ gitea.ref_name }}"
|
||||
BRANCH="${{ gitea.event.workflow_run.head_branch }}"
|
||||
|
||||
if [ "$BRANCH" = "main" ]; then
|
||||
TAG="latest"
|
||||
@@ -49,7 +43,8 @@ jobs:
|
||||
TAG="test"
|
||||
fi
|
||||
|
||||
echo "tag=$TAG" >> $GITHUB_OUTPUT
|
||||
echo "tag=$TAG" >> "$GITEA_OUTPUT"
|
||||
echo "branch=$BRANCH" >> "$GITEA_OUTPUT"
|
||||
|
||||
- name: Build and push
|
||||
uses: docker/build-push-action@v6
|
||||
@@ -66,7 +61,7 @@ jobs:
|
||||
-d "{
|
||||
\"tags\": \"all\",
|
||||
\"title\": \"Gitea Build Succeeded\",
|
||||
\"body\": \"Repo: ${{ gitea.repository }}\\nBranch: ${{ gitea.ref_name }}\\nImage tag built successfully\"
|
||||
\"body\": \"Repo: ${{ gitea.repository }}\\nBranch: ${{ steps.tag.outputs.branch }}\\nImage tag built successfully\"
|
||||
}" \
|
||||
${{ secrets.APPRISE_URL }}
|
||||
|
||||
@@ -78,6 +73,6 @@ jobs:
|
||||
-d "{
|
||||
\"tags\": \"all\",
|
||||
\"title\": \"Gitea Build Failed\",
|
||||
\"body\": \"Repo: ${{ gitea.repository }}\\nBranch: ${{ gitea.ref_name }}\\nCheck logs in Gitea\"
|
||||
\"body\": \"Repo: ${{ gitea.repository }}\\nBranch: ${{ steps.tag.outputs.branch }}\\nCheck logs in Gitea\"
|
||||
}" \
|
||||
${{ secrets.APPRISE_URL }}
|
||||
${{ secrets.APPRISE_URL }}
|
||||
|
||||
Reference in New Issue
Block a user