check.yml

name: build

on:
  workflow_dispatch:
  schedule:
    - cron: '0 0 * * 0'
  push:
    branches:
      - main
  pull_request:

jobs:
  test:
    name: Build and Check with Trivy
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 #v3.6.0
    - name: Docker Build Test
      run: |
        docker build $(sh build-arg-helper.sh version.env) -t localrunner .
    - name: Run Trivy vulnerability scanner
      env:
        TRIVY_DB_REPOSITORY: 'ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db'
        TRIVY_JAVA_DB_REPOSITORY: 'ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db'
      uses: aquasecurity/trivy-action@master
      with:
        image-ref: 'localrunner'
        format: 'table'
        exit-code: '1'
        severity: 'CRITICAL,HIGH'
        trivyignores: '.trivyignore'
        timeout: '120m'
        scanners: 'vuln'