Build

Fix Ubuntu17 #293

Workflow file for this run

	name: "Build"
	on:
	push:
	branches:
	- master
	pull_request:
	branches:
	- master
	schedule:
	- cron: '0 0 * * 0'
	workflow_dispatch:

	jobs:
	build_push_check:
	name: Build docker image, publish it and run vuln scanner against it
	permissions:
	contents: read # for actions/checkout to fetch code
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
	packages: write # for image publication to GitHub Packages
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # 3.10.0
	- name: Login to ghcr.io
	uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # 3.4.0
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Free Disk Space (Ubuntu) # Reclaim disk space for build
	uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
	with:
	docker-images: false # Do not remove locally built images (including trivy scanner)
	- name: Build images
	id: build
	run: ./build
	- name: Test images
	run: ./build --test
	- name: Describe images
	run: ./build --describe >> $GITHUB_STEP_SUMMARY
	- name: Push images
	run: ./build --push
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # v0.30.0
	with:
	image-ref: '${{ steps.build.outputs.LATEST_IMAGE_TAG }}'
	format: 'sarif'
	output: 'trivy-results.sarif'
	severity: 'CRITICAL,HIGH'
	limit-severities-for-sarif: true
	env:
	TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
	TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
	with:
	sarif_file: 'trivy-results.sarif'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Fix Ubuntu17 #293

Workflow file

Fix Ubuntu17 #293

Uh oh!

Jobs

Run details

Workflow file for this run