11name : " [Push] Build dev"
22
33on :
4- push :
5- branches :
6- - master
7- paths-ignore :
8- - ' .github/**'
9- - ' src/VERSION'
10- - ' docs/**'
114 workflow_dispatch :
125
13- env :
14- SLACK_WEBHOOK_URL : ${{secrets.SLACK_WEBHOOK_URL}}
15-
166jobs :
17- versioning :
18- runs-on : ubuntu-latest
19- outputs :
20- version : ${{ steps.versioning.outputs.VERSION }}
21- steps :
22- - uses : actions/checkout@v2
23- - name : get current date
24- run : |
25- sudo ln -sf /usr/share/zoneinfo/Asia/Seoul /etc/localtime
26- echo "TIME=$(date +'%Y%m%d.%H%M%S')" >> $GITHUB_ENV
27- - name : set version with current date
28- id : versioning
29- run : |
30- echo "::set-output name=VERSION::$(cat src/VERSION | cut -c 2-).${{ env.TIME }}"
31- - name : Notice when job fails
32- if : failure()
33- uses : 8398a7/action-slack@v3.2.0
34- with :
35- status : ${{job.status}}
36- fields : repo,workflow,job
37- author_name : Github Action Slack
38-
39- docker :
40- if : github.repository_owner == 'cloudforet-io'
41- needs : versioning
42- runs-on : ubuntu-latest
43- env :
44- VERSION : ${{ needs.versioning.outputs.version }}
45- steps :
46- - uses : actions/checkout@v2
47- - name : get service name
48- run : |
49- echo "SERVICE=$(echo ${{ github.repository }} | cut -d '/' -f2)" >> $GITHUB_ENV
50- - name : Upload docker
51- uses : docker/build-push-action@v1
52- with :
53- path : .
54- repository : pyengine/${{ env.SERVICE }}
55- username : ${{ secrets.DOCKER_USERNAME }}
56- password : ${{ secrets.DOCKER_PASSWORD }}
57- tags : ${{ env.VERSION }}
58- - name : Notice when job fails
59- if : failure()
60- uses : 8398a7/action-slack@v3.2.0
61- with :
62- status : ${{job.status}}
63- fields : repo,workflow,job
64- author_name : Github Action Slack
65-
66- scan :
67- needs : docker
68- runs-on : ubuntu-20.04
7+ none :
8+ run-on : ubuntu-latest
699 steps :
70- - name : Run Trivy vulnerability scanner
71- id : trivy-scan
72- uses : aquasecurity/trivy-action@master
73- with :
74- image-ref : pyengine/${{ github.event.repository.name }}:${{ env.VERSION }}
75- format : ' sarif'
76- output : ' trivy-results.sarif'
77- ignore-unfixed : true
78- vuln-type : ' os,library'
79- severity : ' CRITICAL,HIGH'
80-
81- - name : Upload Trivy scan results to GitHub Security tab
82- uses : github/codeql-action/upload-sarif@v2
83- with :
84- sarif_file : ' trivy-results.sarif'
10+ - name : none
8511
86- - name : Count vulnerabilities
87- id : vulnerabilities
88- run : |
89- count=$(jq '.runs[].results[].ruleId' ./trivy-results.sarif | wc -c)
90- echo "result_count=$count" >> $GITHUB_OUTPUT
91- echo "$count"
92-
93- - name : slack
94- if : ${{ steps.vulnerabilities.outputs.result_count != 0 }}
95- uses : 8398a7/action-slack@v3
96- with :
97- status : custom
98- fields : workflowRun
99- custom_payload : |
100- {
101- "blocks": [
102- {
103- "type": "section",
104- "text": {
105- "type": "mrkdwn",
106- "text": ":warning: Image vulnerability detected"
107- }
108- },
109- {
110- "type": "section",
111- "fields": [
112- {
113- "type": "mrkdwn",
114- "text": "*Image:*\n$pyengine/${{ github.event.repository.name }}:${{ env.VERSION }}"
115- },
116- {
117- "type": "mrkdwn",
118- "text": "*Repo name:*\n${{ github.repository }}"
119- }
120- ]
121- },
122- {
123- "type": "actions",
124- "elements": [
125- {
126- "type": "button",
127- "text": {
128- "type": "plain_text",
129- "emoji": true,
130- "text": "View Detail"
131- },
132- "style": "danger",
133- "url": "https://github.com/${{ github.repository }}/security/code-scanning"
134- }
135- ]
136- }
137- ]
138- }
139- env :
140- SLACK_WEBHOOK_URL : ${{secrets.VULNERABILITY_SLACK_WEBHOOK_URL}}
141-
142- notification :
143- runs-on : ubuntu-latest
144- needs : docker
145- steps :
146- - name : Slack
147- if : always()
148- uses : 8398a7/action-slack@v3.2.0
149- with :
150- status : ${{job.status}}
151- fields : repo,message,commit,author,action,ref,workflow,job
152- author_name : Github Action Slack
12+ # deprecated workflow
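Review bot: The stub job left on the new side does not load as a valid workflow: `run-on : ubuntu-latest` at new line 8 is not a recognised job key (GitHub Actions expects `runs-on`), and the step `- name : none` at new line 10 carries neither `uses` nor `run`, which the workflow schema requires on every step. Because the trigger is now only `workflow_dispatch`, this surfaces as a workflow-file parse error in the Actions tab rather than a failing run, but it still prevents the deprecated stub from being dispatched at all. If a no-op placeholder is intended, `runs-on : ubuntu-latest` for the job and `run : echo "deprecated workflow"` on the step make it valid. Indentation is not visible on this rendered page, so the nesting of the new lines is inferred from the surrounding context.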