security.yaml

name: Security
on:
  push:
    branches:
      - main
  pull_request:
jobs:
  build:
    name: Build
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Build an TrustyAI operator image from Dockerfile
        run: docker build -t quay.io/trustyai/trustyai-service-operator:${{ github.sha }} .
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: "quay.io/trustyai/trustyai-service-operator:${{ github.sha }}"
          format: "table"
          exit-code: "1"
          ignore-unfixed: true
          vuln-type: "os,library"
          severity: "CRITICAL,HIGH,MEDIUM"
      - name: Build an LM-Eval driver image from Dockerfile
        run: docker build -f Dockerfile.driver -t quay.io/trustyai/ta-lmes-driver:${{ github.sha }} .
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: "quay.io/trustyai/ta-lmes-driver:${{ github.sha }}"
          format: "table"
          exit-code: "1"
          ignore-unfixed: true
          vuln-type: "os,library"
          severity: "CRITICAL,HIGH,MEDIUM"