Commit

add: complete workflow
Silvija Tovernic committed Sep 21, 2024
1 parent 62e63a6 commit 7cee680
Showing 1 changed file with 17 additions and 26 deletions.
43 changes: 17 additions & 26 deletions .github/workflows/reusable-workflow-docker-image.yml
Expand Up @@ -46,31 +46,22 @@ jobs:
echo "Pushing image: $REGISTRY/$IMAGE_NAME:$IMAGE_TAG"
podman push $REGISTRY/$IMAGE_NAME:$IMAGE_TAG
- name: Check image with Trivy
run: |
mkdir build-artifacts
trivy image $REGISTRY/$IMAGE_NAME:$IMAGE_TAG >> build-artifacts/vuln-scan.txt
cat build-artifacts/vuln-scan.txt
trivy image --format spdx ubuntu:rolling >> build-artifacts/sbom-spdx.txt
trivy image --format cyclonedx ubuntu:rolling >> build-artifacts/sbom-cyclonedx.txt
# - name: Setup Trivy
# run: |
# sudo apt-get install wget apt-transport-https gnupg lsb-release
# wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
# echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
# sudo apt-get update
# sudo apt-get install trivy

# - name: Check image with Trivy
# run: |
# mkdir build-artifacts
# trivy image $REGISTRY/$IMAGE_NAME:$IMAGE_TAG >> build-artifacts/vuln-scan.txt
# cat build-artifacts/vuln-scan.txt
# trivy image --format spdx ubuntu:rolling >> build-artifacts/sbom-spdx.txt
# trivy image --format cyclonedx ubuntu:rolling >> build-artifacts/sbom-cyclonedx.txt

# - name: Upload Artifacts
# uses: actions/upload-artifact@v4
# with:
# name: build-artifacts
# path: build-artifacts/*
- name: Upload Artifacts
uses: actions/upload-artifact@v4
with:
name: build-artifacts
path: build-artifacts/*

# - name: Tag and push Docker image as latest
# # if: github.ref == 'refs/heads/main' # TODO: uncomment once we are done with development
# run: |
# docker tag $REGISTRY/$IMAGE_NAME:$IMAGE_TAG $REGISTRY/$IMAGE_NAME:latest
# docker push $REGISTRY/$IMAGE_NAME:latest
- name: Tag and push Docker image as latest
# if: github.ref == 'refs/heads/main' # TODO: uncomment once we are done with development
run: |
podman tag $REGISTRY/$IMAGE_NAME:$IMAGE_TAG $REGISTRY/$IMAGE_NAME:latest
podman push $REGISTRY/$IMAGE_NAME:latest
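
Review bot: In the "Check image with Trivy" step, both SBOM commands scan `ubuntu:rolling` rather than the image that was just built, so the `sbom-spdx.txt` and `sbom-cyclonedx.txt` files in the uploaded artifact do not describe `$REGISTRY/$IMAGE_NAME:$IMAGE_TAG`. Point them at the same reference as the vulnerability scan, for example `trivy image --format spdx $REGISTRY/$IMAGE_NAME:$IMAGE_TAG`. In the same step, `trivy image` runs without `--exit-code 1` or a `--severity` threshold, so findings are only written to `vuln-scan.txt` and never fail the job. The scan also runs after `podman push`, and the "Tag and push Docker image as latest" step then runs unconditionally because its `if: github.ref == 'refs/heads/main'` guard is still commented out. Consider scanning before the push, failing on the severities you care about, and restoring the guard so that only `main` can move `latest`. The only Trivy install step visible in these lines is the commented-out "Setup Trivy" block, so confirm `trivy` is actually present on the runner. Minor: `>>` appends to the report files; `>` or `--output` states the intent more clearly for a freshly created `build-artifacts` directory.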
