feat(docker-jans-persistence-loader): add jansFilePath to jansDocument #1636
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Please do not attempt to edit this flow without the direct consent from the DevOps team. This file is managed centrally. | |
| # Contact @moabu | |
| name: Scan Image | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - "!update-pycloud-in-**" | |
| paths: | |
| - "docker-jans-**/**" | |
| - "!**.md" | |
| pull_request: | |
| branches: | |
| - main | |
| - "!update-pycloud-in-**" | |
| paths: | |
| - "docker-jans-**/**" | |
| - "!docker-jans-**/version.txt" | |
| - "!**.md" | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| docker-images: ["auth-server", "certmanager", "config-api", "configurator", "fido2", "persistence-loader", "scim", "monolith", "link", "casa", "all-in-one", "saml", "keycloak-link"] | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Build the Container image | |
| run: docker build ./docker-jans-${{ matrix.docker-images }} --file ./docker-jans-${{ matrix.docker-images }}/Dockerfile --tag localbuild/scanimage:latest | |
| - uses: anchore/scan-action@1c57367e29d11f99ae56571e49f95f1a1991945e # v3.6.3 | |
| id: scan | |
| with: | |
| image: "localbuild/scanimage:latest" | |
| output-format: sarif | |
| fail-build: false | |
| - name: Send JSON report | |
| if: github.event_name == 'workflow_dispatch' | |
| run: | | |
| curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin | |
| grype -v localbuild/scanimage:latest -o json > ${{ matrix.docker-images }}.results.json | |
| curl "https://chat.gluu.org/api/v1/rooms.upload/YNz6rg7eNpngiygkv" \ | |
| -F "file=@${{ matrix.docker-images }}.results.json" \ | |
| -F "msg=${{ matrix.docker-images }} json report." \ | |
| -F "description=Scan detailed JSON report" \ | |
| -H "X-Auth-Token: ${{ secrets.MOAUTO_ROCKETCHAT_TOKEN }}" \ | |
| -H "X-User-Id: ${{ secrets.MOAUTO_ROCKETCHAT_ID }}" | |
| - name: upload Anchore scan SARIF report | |
| uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 | |
| with: | |
| sarif_file: results.sarif | |
| - uses: azure/container-scan@f9af925b897d8af5f7e0026b8bca9346261abc93 # v0.1 | |
| continue-on-error: true | |
| with: | |
| image-name: localbuild/scanimage:latest | |
| run-quality-checks: true | |
| severity-threshold: LOW |