Skip to content

Change exit code to 0 on IaC Security Scan Action #8

Change exit code to 0 on IaC Security Scan Action

Change exit code to 0 on IaC Security Scan Action #8

Workflow file for this run

name: Go
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
jobs:
build:
name: Build + Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.22.2'
- name: Postgres Docker
run: docker run -p 5432:5432 -d -e POSTGRES_HOST_AUTH_METHOD=trust postgres
- name: Build
run: go build -v ./...
- name: Test
run: go test -v ./...
sonarCloud:
name: SonarCloud
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
build-and-push:
name: Build and Push Docker Image
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Get Git Commit SHA
id: git_sha
run: echo "::set-output name=GIT_SHA::$(git rev-parse --short HEAD)"
- name: Build Docker image
run: docker image build -f Dockerfile -t pezcraft/my-firstimage:0.0.1 ./
- name: Set Docker tag
run: docker image tag pezcraft/my-firstimage:0.0.1 pezcraft/my-firstimage:${{ steps.git_sha.outputs.GIT_SHA }}
- name: Docker Image Security Scan
uses: aquasecurity/[email protected]
continue-on-error: true
with:
image-ref: 'pezcraft/my-firstimage:${{ steps.git_sha.outputs.GIT_SHA }}'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
exit-code: 1
- name: IaC Security Scan
uses: aquasecurity/[email protected]
continue-on-error: false
with:
scan-type: 'config'
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
exit-code: 0
- name: Push Docker image to Docker Hub
run: docker image push pezcraft/my-firstimage:${{ steps.git_sha.outputs.GIT_SHA }}