mirror of
https://github.com/shenxn/protonmail-bridge-docker.git
synced 2025-12-06 08:27:08 +00:00
maybe this works
parent
797a5aba41
commit
7bf1e06955
31
.github/workflows/build.yaml
vendored
31
.github/workflows/build.yaml
vendored
@ -35,8 +35,7 @@ jobs:
|
|||||||
uses: docker/metadata-action@v5
|
uses: docker/metadata-action@v5
|
||||||
with:
|
with:
|
||||||
images: |
|
images: |
|
||||||
${{ env.DOCKERHUB_REPO }}
|
${{ env.DOCKER_REPO_DEV }}
|
||||||
${{ env.GHCR_REPO }}
|
|
||||||
|
|
||||||
- name: Login to GHCR
|
- name: Login to GHCR
|
||||||
uses: docker/login-action@v3
|
uses: docker/login-action@v3
|
||||||
@ -55,7 +54,7 @@ jobs:
|
|||||||
uses: docker/build-push-action@v6
|
uses: docker/build-push-action@v6
|
||||||
with:
|
with:
|
||||||
labels: ${{ steps.meta.outputs.labels }}
|
labels: ${{ steps.meta.outputs.labels }}
|
||||||
outputs: type=image,"name=${{ env.GHCR_REPO }}",push-by-digest=false,name-canonical=true,push=true
|
outputs: type=image,"name=${{ env.DOCKER_REPO_DEV }}",push-by-digest=false,name-canonical=true,push=true
|
||||||
context: ./build
|
context: ./build
|
||||||
file: ./build/Dockerfile
|
file: ./build/Dockerfile
|
||||||
tags: "${{ env.DOCKER_REPO_DEV }}:${{ github.ref_name }}"
|
tags: "${{ env.DOCKER_REPO_DEV }}:${{ github.ref_name }}"
|
||||||
@ -148,19 +147,6 @@ jobs:
|
|||||||
digest="${{ steps.build.outputs.digest }}"
|
digest="${{ steps.build.outputs.digest }}"
|
||||||
touch "${{ runner.temp }}/digests/${digest#sha256:}"
|
touch "${{ runner.temp }}/digests/${digest#sha256:}"
|
||||||
|
|
||||||
- name: Run Trivy vulnerability scan
|
|
||||||
uses: aquasecurity/trivy-action@0.30.0
|
|
||||||
with:
|
|
||||||
image-ref: "${{ env.DOCKERHUB_REPO }}:${{ env.version }}-build"
|
|
||||||
format: 'sarif'
|
|
||||||
exit-code: 0
|
|
||||||
severity: 'CRITICAL,HIGH'
|
|
||||||
output: 'trivy-results.sarif'
|
|
||||||
- name: Upload Trivy scan SARIF report
|
|
||||||
uses: github/codeql-action/upload-sarif@v3
|
|
||||||
with:
|
|
||||||
sarif_file: 'trivy-results.sarif'
|
|
||||||
|
|
||||||
- name: Upload digest
|
- name: Upload digest
|
||||||
uses: actions/upload-artifact@v4
|
uses: actions/upload-artifact@v4
|
||||||
with:
|
with:
|
||||||
@ -219,6 +205,19 @@ jobs:
|
|||||||
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
|
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
|
||||||
$(printf '${{ env.GHCR_REPO }}@sha256:%s ' *)
|
$(printf '${{ env.GHCR_REPO }}@sha256:%s ' *)
|
||||||
|
|
||||||
|
- name: Run Trivy vulnerability scan
|
||||||
|
uses: aquasecurity/trivy-action@0.30.0
|
||||||
|
with:
|
||||||
|
image-ref: "${{ env.DOCKERHUB_REPO }}:${{ env.version }}-build"
|
||||||
|
format: 'sarif'
|
||||||
|
exit-code: 0
|
||||||
|
severity: 'CRITICAL,HIGH'
|
||||||
|
output: 'trivy-results.sarif'
|
||||||
|
- name: Upload Trivy scan SARIF report
|
||||||
|
uses: github/codeql-action/upload-sarif@v3
|
||||||
|
with:
|
||||||
|
sarif_file: 'trivy-results.sarif'
|
||||||
|
|
||||||
- name: Inspect image
|
- name: Inspect image
|
||||||
run: |
|
run: |
|
||||||
docker buildx imagetools inspect ${{ env.DOCKERHUB_REPO }}:${{ steps.meta.outputs.version }}
|
docker buildx imagetools inspect ${{ env.DOCKERHUB_REPO }}:${{ steps.meta.outputs.version }}
|
||||||
|
|||||||
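Review bot: The relocated Trivy step (hunk at -219/+205) scans `${{ env.DOCKERHUB_REPO }}:${{ env.version }}-build`, but after this commit the build step's `outputs:` pushes under `DOCKER_REPO_DEV`, so the scan may pull a stale image or none at all; whether `env.version` is set in this job is not visible in the hunk. Pointing it at what the job just published, in line with the Inspect step that follows, would be `image-ref: "${{ env.DOCKERHUB_REPO }}:${{ steps.meta.outputs.version }}"`. The step also runs after `docker buildx imagetools create` with `exit-code: 0`, so CRITICAL/HIGH findings are only reported once the tags are already published; if it is meant as a gate, it has to run before the manifest is created, with `exit-code: 1`. `aquasecurity/trivy-action@0.30.0` is a mutable tag, and pinning it to a full commit SHA (`uses: aquasecurity/trivy-action@<full-commit-sha>  # 0.30.0`) keeps a retagged release out of a job that presumably holds registry credentials. The rest of the job's step list lies outside the hunk.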