-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- add emoji for security scanning action - update release.yml - login to docker/ghcr first, then do hadolint? - pull debian image manually - do not delete local docker images? - replace sklearn with scikit-learn
- Loading branch information
Showing
2 changed files
with
14 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -26,22 +26,28 @@ jobs: | |
| uses: jlumbroso/free-disk-space@main # https://github.com/jlumbroso/free-disk-space | ||
| with: | ||
| tool-cache: true | ||
| docker-images: false | ||
|
|
||
| - name: 🤘 Checkout Code | ||
| uses: actions/checkout@v3 # https://github.com/actions/checkout | ||
|
|
||
| - uses: hadolint/[email protected] # https://github.com/hadolint/hadolint-action | ||
| with: | ||
| dockerfile: .devcontainer/Dockerfile | ||
| no-fail: true | ||
|
|
||
| - name: 🔒 Login to Container Registry | ||
| uses: docker/login-action@v2 # https://github.com/docker/login-action | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| # https://hub.docker.com/_/debian | ||
| - name: Pull Debian Slim manually | ||
| run: | | ||
| docker pull debian:bookworm-slim | ||
| - uses: hadolint/[email protected] # https://github.com/hadolint/hadolint-action | ||
| with: | ||
| dockerfile: .devcontainer/Dockerfile | ||
| no-fail: true | ||
|
|
||
| - name: 📝 Versionize | ||
| run: | | ||
| if [[ "$GITHUB_REF" =~ ^refs/tags/v* ]]; then | ||
|
|
@@ -65,7 +71,7 @@ jobs: | |
| docker tag ghcr.io/${{ github.repository }}:$TAG ghcr.io/${{ github.repository }}:latest | ||
| docker push ghcr.io/${{ github.repository }}:latest | ||
| - name: Scan Image for Vulnerabilities | ||
| - name: 🛡️🔍 Scan Image for Vulnerabilities | ||
| uses: aquasecurity/trivy-action@master # https://github.com/aquasecurity/trivy-action | ||
| with: | ||
| image-ref: 'ghcr.io/${{ github.repository }}:latest' | ||
|
|
@@ -74,7 +80,7 @@ jobs: | |
| severity: 'CRITICAL,HIGH' | ||
| ignore-unfixed: true | ||
|
|
||
| - name: Upload scan results to GitHub Security tab | ||
| - name: 🛡️🔼 Upload scan results to GitHub Security tab | ||
| uses: github/codeql-action/upload-sarif@v2 # https://github.com/github/codeql-action | ||
| with: | ||
| sarif_file: 'trivy-results.sarif' | ||