feat(workflows): integrate dockle (#273)

* feat(workflows): leverage dockle
StatCan · Aug 21, 2023 · d617ace · d617ace
1 parent 45bca88
commit d617ace
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -64,18 +64,27 @@ jobs:
       run: |
         docker build -f Dockerfile -t localhost:5000/jupyter-apis:${{ github.sha }} .
         docker push localhost:5000/jupyter-apis:${{ github.sha }}
-        docker rmi localhost:5000/jupyter-apis:${{ github.sha }}
         docker image prune
     
     - name: Aqua Security Trivy image scan
       run: |
         curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${{ env.TRIVY_VERSION }}
         trivy image localhost:5000/jupyter-apis:${{ github.sha }} --exit-code 1 --timeout=20m --security-checks vuln --severity CRITICAL
-    
+  
+    # Run Dockle
+    - name: Run dockle
+      uses: goodwithtech/dockle-action@main
+      with:
+        image: localhost:5000/jupyter-apis:${{ github.sha }}
+        format: 'list'
+        exit-code: '0'
+        exit-level: 'fatal'
+        ignore: 'DKL-DI-0006'
+
     # Container build and push to a Azure Container registry (ACR)
     - name: Push to ACR if necessary
       if: steps.should-i-push.outputs.boolean == 'true'
       run: |
         docker pull localhost:5000/jupyter-apis:${{ github.sha }}
         docker tag localhost:5000/jupyter-apis:${{ github.sha }} ${{ env.REGISTRY }}/jupyter-apis:${{ github.sha }}
-        docker push ${{ env.REGISTRY }}/jupyter-apis:${{ github.sha }}
+        docker push ${{ env.REGISTRY }}/jupyter-apis:${{ github.sha }}