Trivy Image Scan #768
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright 2022, Oracle Corporation and/or its affiliates. All rights reserved. | |
# Licensed under the Universal Permissive License v 1.0 as shown at | |
# http://oss.oracle.com/licenses/upl. | |
# --------------------------------------------------------------------------- | |
# Coherence Operator GitHub Actions Backwards Compatibility Tests. | |
# --------------------------------------------------------------------------- | |
name: Trivy Image Scan | |
on: | |
workflow_dispatch: | |
schedule: | |
- cron: '0 0 * * *' | |
push: | |
branches-ignore: | |
- gh-pages | |
- 1.0.0 | |
- 2.x | |
- 3.x | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
# This step will free up disc space on the runner by removing | |
# lots of things that we do not need. | |
- name: disc | |
shell: bash | |
run: | | |
echo "Listing 100 largest packages" | |
dpkg-query -Wf '${Installed-Size}\t${Package}\n' | sort -n | tail -n 100 | |
df -h | |
echo "Removing large packages" | |
sudo apt-get remove -y '^dotnet-.*' || true | |
sudo apt-get remove -y '^llvm-.*' || true | |
sudo apt-get remove -y 'monodoc-http' || true | |
sudo apt-get remove -y 'php.*' || true | |
sudo apt-get remove -y azure-cli google-cloud-sdk hhvm google-chrome-stable firefox powershell mono-devel || true | |
sudo apt-get autoremove -y || true | |
sudo apt-get clean | |
df -h | |
echo "Removing large directories" | |
rm -rf /usr/share/dotnet/ | |
sudo rm -rf /usr/local/lib/android | |
df -h | |
- name: Set up JDK | |
uses: oracle-actions/setup-java@v1 | |
with: | |
website: oracle.com | |
release: 21 | |
- name: Set up Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: 1.21.x | |
- name: Cache Go Modules | |
uses: actions/cache@v3 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-mods-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go-mods- | |
- name: Cache Maven packages | |
uses: actions/cache@v3 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
- name: Cache Tools | |
uses: actions/cache@v3 | |
with: | |
path: build/tools | |
key: ${{ runner.os }}-build-tools-${{ hashFiles('**/Makefile') }} | |
restore-keys: ${{ runner.os }}-build-tools | |
- name: Edit DNS Resolve | |
shell: bash | |
run: | | |
sudo chown -R runner:runner /run/systemd/resolve/stub-resolv.conf | |
sudo echo nameserver 8.8.8.8 > /run/systemd/resolve/stub-resolv.conf | |
- name: Start KinD Cluster | |
shell: bash | |
run: | | |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin | |
make kind | |
kubectl version | |
kubectl get nodes | |
docker pull gcr.io/distroless/java | |
docker pull gcr.io/distroless/java11-debian11 | |
docker pull gcr.io/distroless/java17-debian11 | |
- name: Image Scan | |
shell: bash | |
run: make trivy-scan |