Update Trivy GitHub workflows #908
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright 2022, 2024, Oracle Corporation and/or its affiliates. All rights reserved. | |
| # Licensed under the Universal Permissive License v 1.0 as shown at | |
| # http://oss.oracle.com/licenses/upl. | |
| # --------------------------------------------------------------------------- | |
| # Coherence Operator GitHub Actions Backwards Compatibility Tests. | |
| # --------------------------------------------------------------------------- | |
| name: Trivy Image Scan | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '0 2 * * *' | |
| push: | |
| branches-ignore: | |
| - gh-pages | |
| - 1.0.0 | |
| - 2.x | |
| - 3.x | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up JDK | |
| uses: oracle-actions/setup-java@v1 | |
| with: | |
| website: oracle.com | |
| release: 21 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.22.x | |
| - name: Cache Go Modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-mods-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go-mods- | |
| - name: Cache Maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-m2 | |
| - name: Edit DNS Resolve | |
| shell: bash | |
| run: | | |
| sudo chown -R runner:runner /run/systemd/resolve/stub-resolv.conf | |
| sudo echo nameserver 8.8.8.8 > /run/systemd/resolve/stub-resolv.conf | |
| - name: Build Image | |
| shell: bash | |
| run: | | |
| export VERSION=${{ github.sha }} | |
| make build-operator-images | |
| - name: Run Trivy scanner without downloading DBs | |
| uses: ./.github/actions/trivy-action-0.28.0 | |
| with: | |
| image-ref: 'ghcr.io/oracle/coherence-operator:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| env: | |
| TRIVY_SKIP_DB_UPDATE: true | |
| TRIVY_SKIP_JAVA_DB_UPDATE: true |