chore(deps): bump golang from 1.17.5-alpine to 1.22.3-alpine #185
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: pull_request | |
name: dockerfile linting | |
jobs: | |
golanglint: | |
name: golang lint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/[email protected] | |
- uses: hazcod/action-golangci-lint@master | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
directory: healthcheck | |
dockerfilelint: | |
name: dockerfile lint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/[email protected] | |
- name: hadolint | |
uses: burdzwastaken/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
HADOLINT_ACTION_DOCKERFILE_FOLDER: . | |
dockerbuild: | |
name: docker build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/[email protected] | |
- name: extract tag | |
id: vars | |
run: echo ::set-output name=nginx_version::$(grep '^FROM nginx' Dockerfile | cut -d ' ' -f 2 | cut -d ':' -f 2) | |
- name: docker build | |
run: docker build . --file Dockerfile --tag image:${{ steps.vars.outputs.nginx_version }} | |
dockerscan: | |
name: docker security scan | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/[email protected] | |
- name: docker build | |
run: docker build . --file Dockerfile --tag image | |
- name: cached scan db | |
uses: actions/[email protected] | |
with: | |
path: vulndb/ | |
key: trivy-vulndb | |
- name: run security scan | |
env: | |
DISTRO: debian | |
run: | | |
docker run --rm \ | |
-v /var/run/docker.sock:/var/run/docker.sock \ | |
-v "$(pwd)/vulndb/":/root/.cache/ \ | |
aquasec/trivy --severity HIGH,CRITICAL,MEDIUM --no-progress --only-update $DISTRO --ignore-unfixed --exit-code 1 --cache-dir /root/.cache/ image | |
docker run --rm -v "$(pwd)/vulndb/":/root/.cache/ alpine:latest chmod 777 -R /root/.cache/ | |