use recent version of aquasecurity/trivy-action #953
Workflow file for this run
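# CI workflow: lint the Dockerfile and Ruby code, run the test suites, then
# build the multi-platform Docker image and scan it with Trivy.
#
# Supply-chain note: every `uses:` below references a tag (v4, v3, 0.28.0).
# Tags are mutable, so whoever controls the action's repository can change
# the code this workflow executes. Pinning third-party actions to a full
# commit SHA (with the tag kept as a trailing comment) closes that gap.
name: test, docker build & push
on: [push]

# Default token scope for every job. Jobs that need more declare their own
# `permissions:` block, which replaces this default for that job.
permissions:
  contents: read

jobs:
  hadolint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # The linter image is pulled without a tag, so each run uses whatever
      # `latest` currently resolves to; pin a tag or digest for repeatability.
      - run: docker run --rm -i hadolint/hadolint < Dockerfile

  ruby:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true
      - run: bundle exec rubocop -F
      - run: bundle exec yard doc --fail-on-warning --no-output

  rspec:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true
      - run: bundle exec rspec

  docker-test:
    needs: hadolint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true
      - run: |
          bundle exec rake

  docker-push:
    # The branch guard is disabled, so this job runs on every push to any
    # branch. Restore it before re-enabling the registry logins and `push`.
    # if: ${{ github.ref == 'refs/heads/master' }}
    # NOTE(review): `rspec` is not listed here, so this job does not wait for
    # it - confirm that `bundle exec rake` in docker-test covers the specs.
    needs:
      - docker-test
      - hadolint
      - ruby
    runs-on: ubuntu-latest
    # `packages: write` is only needed for the GHCR push, which is currently
    # commented out. While it is granted, every third-party action in this
    # job runs with a token that can publish packages.
    permissions:
      contents: read
      packages: write
    env:
      IMAGE_NAME: gilcreator/html2rss-web
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # - name: Log in to DockerHub
      #   uses: docker/login-action@v3
      #   with:
      #     username: ${{ secrets.DOCKERHUB_USERNAME }}
      #     password: ${{ secrets.DOCKERHUB_TOKEN }}
      # - name: Log in to GitHub Container Registry (GHCR)
      #   uses: docker/login-action@v3
      #   with:
      #     registry: ghcr.io
      #     username: ${{ github.actor }}
      #     password: ${{ secrets.GITHUB_TOKEN }}
      - name: Cache Docker layers
        uses: actions/cache@v4
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: false
          # tags: |
          #   gilcreator/html2rss-web:latest
          #   ghcr.io/${{ github.repository_owner }}/html2rss-web:latest
          platforms: linux/amd64,linux/arm64
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new
      # The multi-platform build above is neither tagged nor loaded into the
      # runner's Docker daemon, so scanning `gilcreator/html2rss-web:latest`
      # would scan whatever was previously published to the registry, not
      # the image built from this commit. Load a single-platform build under
      # a commit-specific tag so the scan covers the code under test. The
      # Buildx builder already holds the layers from the previous step.
      - name: Load image for scanning
        uses: docker/build-push-action@v5
        with:
          context: .
          push: false
          load: true
          platforms: linux/amd64
          tags: ${{ env.IMAGE_NAME }}:scan-${{ github.sha }}
      - name: Scan Docker image for vulnerabilities
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: ${{ env.IMAGE_NAME }}:scan-${{ github.sha }}
          format: table
          # Report-only: with exit code 0 the job passes whatever the scan
          # finds. To gate the build, set this to 1 together with a
          # `severity` filter.
          exit-code: 0
          # Findings without an available fix are left out of the report.
          ignore-unfixed: true
      - name: Move updated cache into place
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache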