Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/main.yml69
-rw-r--r--.github/workflows/test.yml32
-rw-r--r--.github/workflows/trivy.yml38
3 files changed, 74 insertions, 65 deletions
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 3fddc7e..a8a47ef 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,51 +1,40 @@
-name: Release for silvio/docker-languagetool
-
+name: Build
on:
push:
- tags:
- - '[0-9]+.[0-9]+'
- - '[0-9]+.[0-9]+.[0-9]+'
- - '[0-9]+.[0-9]+-update[0-9]+'
- - '[0-9]+.[0-9]+.[0-9]+-update[0-9]+'
+ branches: [ master ]
+ schedule:
+ - cron: '5 4 * * *'
+ workflow_dispatch:
jobs:
- docker:
+ build:
runs-on: ubuntu-latest
steps:
- - name: Checkout
- uses: actions/checkout@v2
-
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v1
-
- - name: Set up Docker Buildx
- id: buildx
- uses: docker/setup-buildx-action@v1
-
- - name: Set environment variables
- run: |
- make envout >> ${GITHUB_ENV}
-
- - name: Prepare system
- run: |
- make prepare
-
- - name: Build Docker image
- run: |
- make build
+ - uses: actions/checkout@v2
+ - run: |
+ make docker-test
- - name: Run tests
- run: |
- make test
-
- - name: Login Docker
- uses: docker/login-action@v1
+ push:
+ runs-on: ubuntu-latest
+ needs: [ build ]
+ permissions:
+ packages: write
+ contents: read
+ steps:
+ - uses: actions/checkout@v2
with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_PASSWORD }}
+ fetch-depth: 0
- - name: Push tag
- run: |
- make tag
+ - uses: docker/login-action@v1
+ env:
+ GITHUB_USER: ${{ github.actor }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ registry: ghcr.io
+ username: $GITHUB_USER
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - run: |
+ make docker-push \
+ DOCKER_EXTRA_ARGS="-v ${HOME}/.docker:/root/.docker"
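Review bot: In the `push` job's `docker/login-action` step, `username: $GITHUB_USER` reaches the action as that literal string, because `with:` inputs are not shell-expanded and only `${{ }}` expressions are evaluated. Use `username: ${{ github.actor }}` and drop the `env:` block, which otherwise only places `GITHUB_TOKEN` in the step's environment with no visible use; the login may still succeed if the registry ignores the username for token auth, but the value is not what the author intended. The `build` job here (and the `build` job in test.yml, which also runs on `pull_request`) has no `permissions:` block, so `make docker-test` runs with the repository's default token scope; a top-level `permissions:` with `contents: read` would cap it, as trivy.yml already does. Because `push` holds `packages: write` and mounts `${HOME}/.docker` (where the login step stores the registry credential) into the build container, pinning `actions/checkout` and `docker/login-action` to commit SHAs instead of `@v2`/`@v1` would match how trivy.yml pins `trivy-action`.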
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index de95a7f..63c8c1b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,36 +1,18 @@
-name: Test for silviof/docker-languagetool
+name: Test
on:
+ push:
+ branches: [ master ]
pull_request:
+ branches: [ master ]
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- - name: Checkout
- uses: actions/checkout@v2
+ - uses: actions/checkout@v2
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v1
-
- - name: Set up Docker Buildx
- id: buildx
- uses: docker/setup-buildx-action@v1
-
- - name: Set environment variables
- run: |
- make envout >> ${GITHUB_ENV}
-
- - name: Prepare system
- run: |
- make prepare
-
- - name: Build Docker image
- run: |
- make build
-
- - name: Run tests
- run: |
- make test
+ - run: |
+ make docker-test
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
new file mode 100644
index 0000000..ce25513
--- /dev/null
+++ b/.github/workflows/trivy.yml
@@ -0,0 +1,38 @@
+name: Trivy
+
+on:
+ workflow_dispatch:
+ push:
+ branches: [ master ]
+ pull_request:
+ branches: [ master ]
+ schedule:
+ - cron: '28 15 * * 3'
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ permissions:
+ contents: read
+ security-events: write
+ runs-on: "ubuntu-18.04"
+ steps:
+ - uses: actions/checkout@v2
+
+ - run: |
+ docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
+
+ - uses: aquasecurity/trivy-action@2a2157eb22c08c9a1fac99263430307b8d1bc7a2
+ with:
+ image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
+ format: 'template'
+ template: '@/contrib/sarif.tpl'
+ output: 'trivy-results.sarif'
+ severity: 'CRITICAL,HIGH'
+ ignore-unfixed: true
+
+ - uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: 'trivy-results.sarif'
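Review bot: The `docker build` step and `image-ref` still use the placeholder-looking name `docker.io/my-organization/my-app` and build straight from `.`, while main.yml publishes through `make docker-push`. If the Makefile builds with different arguments or a different Dockerfile, the image scanned here is not the one pushed to ghcr.io, so building through the same Makefile target and scanning that tag would be safer. `github/codeql-action/upload-sarif@v1` is a mutable tag in a job holding `security-events: write`, whereas `trivy-action` just above is pinned to a commit SHA; pin both the same way. On `pull_request` runs from forks the token is read-only, so the upload step will likely fail; consider guarding it with an `if:` on the event type. Also note that no `exit-code` is set, so HIGH/CRITICAL findings are only reported and never fail the run; a one-line comment stating that this is intentional would help.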