From 65ecc8f3620b0f38d0c4ba24a2de871ec4055149 Mon Sep 17 00:00:00 2001
From: Sertac Ozercan
Date: Tue, 16 Jan 2024 20:40:41 +0000
Subject: [PATCH] update

Signed-off-by: Sertac Ozercan
---
 .github/workflows/patch.yaml | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/patch.yaml b/.github/workflows/patch.yaml
index 7690d73..4cd7878 100644
--- a/.github/workflows/patch.yaml
+++ b/.github/workflows/patch.yaml
@@ -28,7 +28,7 @@ jobs:
 vuln-type: "os"
 image-ref: ${{ matrix.images }}

- # check if there are OS package vulnerabilities
+ # check whether there are any OS package vulnerabilities
 - name: Check vulnerability count
 id: vuln_count
 run: |
@@ -37,10 +37,12 @@ jobs:
 echo "vuln_count=$vuln_count" >> $GITHUB_OUTPUT

 # copa action will only run if there are vulnerabilities
- - name: Copa Action
+ - name: Run Copa action
 if: steps.vuln_count.outputs.vuln_count != '0'
 id: copa
- # using latest (v1) version for illustrative purposes. make sure to pin to a digest for security and stability
+ # using latest (v1) version for illustrative purposes
+ # make sure to pin to a digest for security and stability
+ # rely on dependabot for digest/version updates
 uses: project-copacetic/copa-action@v1
 with:
 image: ${{ matrix.images }}
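Review bot: `uses: project-copacetic/copa-action@v1` in the second hunk still resolves a mutable tag, although the comments added directly above it tell readers to pin to a digest and the `docker/login-action` step in this same workflow is already pinned to a commit SHA. With this commit the job really pushes, so whatever `v1` points to at run time executes in the same job that later logs in to GHCR with `secrets.GITHUB_TOKEN`. Suggest pinning here as well, e.g. `uses: project-copacetic/copa-action@<full-commit-sha> # v1.x.y` (placeholder; use the SHA of the release you have reviewed), which Dependabot can then keep current as the new comment intends.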
@@ -52,14 +54,16 @@ jobs:
 # for other registries, see https://github.com/docker/login-action#usage
 - name: Login to GHCR
 if: steps.copa.conclusion == 'success'
+ id: login
 uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}

- - name: Docker Push Patched Image
+ - name: Push patched image
 if: steps.login.conclusion == 'success'
 run: |
- docker images
- # docker push ${{ steps.copa.outputs.patched-image }}
+ # retag if needed
+ docker retag ${{ matrix.images }} ghcr.io/sozercan/copa-action/test/${{ steps.copa.outputs.patched-image }}
+ docker push ghcr.io/sozercan/copa-action/test/${{ steps.copa.outputs.patched-image }}
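Review bot: The new `run:` script calls `docker retag`, which is not a Docker CLI subcommand (the command is `docker tag SOURCE TARGET`), so the step would fail before the push. Its source argument is also `${{ matrix.images }}`, the original scanned image, so once the command is corrected the unpatched image would be published under the patched name. The source should be `${{ steps.copa.outputs.patched-image }}`, assuming that output is the reference of the image Copa produced locally. Passing the value through `env:` and quoting it keeps the `${{ }}` expansions out of the shell text. Pushing to `ghcr.io` with `GITHUB_TOKEN` also needs `packages: write` on the job, and the job's permissions are outside this hunk.

```yaml
      - name: Push patched image
        if: steps.login.conclusion == 'success'
        env:
          PATCHED_IMAGE: ${{ steps.copa.outputs.patched-image }}
        run: |
          # retag the patched image (not the original) under the GHCR namespace
          docker tag "$PATCHED_IMAGE" "ghcr.io/sozercan/copa-action/test/$PATCHED_IMAGE"
          docker push "ghcr.io/sozercan/copa-action/test/$PATCHED_IMAGE"
```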