Trivy Image Scan #896
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright 2022, 2024, Oracle Corporation and/or its affiliates. All rights reserved. | |
| # Licensed under the Universal Permissive License v 1.0 as shown at | |
| # http://oss.oracle.com/licenses/upl. | |
| # --------------------------------------------------------------------------- | |
| # Coherence Operator GitHub Actions Backwards Compatibility Tests. | |
| # --------------------------------------------------------------------------- | |
| name: Trivy Image Scan | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '0 2 * * *' | |
| push: | |
| branches-ignore: | |
| - gh-pages | |
| - 1.0.0 | |
| - 2.x | |
| - 3.x | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up JDK | |
| uses: oracle-actions/setup-java@v1 | |
| with: | |
| website: oracle.com | |
| release: 21 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.22.x | |
| - name: Cache Go Modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-mods-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go-mods- | |
| - name: Cache Maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-m2 | |
| - name: Setup oras | |
| uses: ./.github/actions/setup-oras-1.2.1 | |
| - name: Get current date | |
| id: date | |
| run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT | |
| - name: Download and extract the vulnerability DB | |
| run: | | |
| mkdir -p $GITHUB_WORKSPACE/.cache/trivy/db | |
| oras pull ghcr.io/aquasecurity/trivy-db:2 | |
| tar -xzf db.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/db | |
| rm db.tar.gz | |
| - name: Download and extract the Java DB | |
| run: | | |
| mkdir -p $GITHUB_WORKSPACE/.cache/trivy/java-db | |
| oras pull ghcr.io/aquasecurity/trivy-java-db:1 | |
| tar -xzf javadb.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/java-db | |
| rm javadb.tar.gz | |
| - name: Edit DNS Resolve | |
| shell: bash | |
| run: | | |
| sudo chown -R runner:runner /run/systemd/resolve/stub-resolv.conf | |
| sudo echo nameserver 8.8.8.8 > /run/systemd/resolve/stub-resolv.conf | |
| - name: Image Scan | |
| shell: bash | |
| run: | | |
| echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin | |
| export TRIVY_CACHE=$GITHUB_WORKSPACE/.cache/trivy | |
| make trivy-scan |