Delete .github/workflows/govulncheck.yml #112
| # https://docs.github.com/en/actions/use-cases-and-examples/publishing-packages/publishing-docker-images | |
| # https://docs.docker.com/build/ci/github-actions/manage-tags-labels/ | |
| name: Docker Image CI | |
| on: | |
| push: | |
| branches: | |
| - "**" | |
| tags: | |
| - "v*.*.*" | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| build-and-push-image: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5.5.1 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| # generate Docker tags based on the following events/attributes | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| - name: Build an image from Dockerfile | |
| run: docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ github.sha }} . && docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ github.sha }} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:latest | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@0.34.0 | |
| with: | |
| image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ github.sha }} | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Log in to the Container registry | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3.3.0 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Tag metadata variants | |
| run: | | |
| while IFS= read -r tag; do | |
| docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ github.sha }} "$tag" | |
| done <<< "${{ steps.meta.outputs.tags }}" | |
| - name: Push Docker image | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| while IFS= read -r tag; do | |
| docker push "$tag" | |
| done <<< "${{ steps.meta.outputs.tags }}" | |
| # - name: Generate artifact attestation | |
| # uses: actions/attest-build-provenance@v1 | |
| # with: | |
| # subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} | |
| # subject-digest: ${{ steps.push.outputs.digest }} | |
| # push-to-registry: true |
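Review bot: The `run:` here-strings in the "Tag metadata variants" and "Push Docker image" steps expand `${{ steps.meta.outputs.tags }}` straight into the shell script; although metadata-action normalizes tag characters, the safer pattern is to hand the value over as an environment variable so the shell never receives it as script text — add `env:` with `TAGS: ${{ steps.meta.outputs.tags }}` to each step and read it with `done <<< "$TAGS"`. The job still grants `attestations: write` and `id-token: write` while the attestation step is commented out, so either drop those two permissions until the step is restored or restore it now, noting that the commented block references `steps.push.outputs.digest` but no step carries `id: push` and the plain `docker push` loop emits no digest output, so it would need a push step that actually produces one. Because `on:` only fires on `push` (every branch via `"**"` plus `v*.*.*` tags), the two `if: github.event_name != 'pull_request'` guards are always true and every branch push is published to ghcr.io; if that is intended, a comment above `on:` saying so would save the next reader from assuming PR builds are filtered. The third-party actions are pinned to mutable tags (`actions/checkout@v4`, `docker/metadata-action@v5.5.1`, `aquasecurity/trivy-action@0.34.0`, `docker/login-action@v3.3.0`); pinning each to its full commit SHA with the version kept in a trailing comment removes the tag-retargeting exposure for a workflow that holds a registry-write token.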