Skip to content

disable trivy in CI #168

disable trivy in CI

disable trivy in CI #168

Workflow file for this run

---
name: main
on:
push:
pull_request:
workflow_dispatch:
# schedule:
# - cron: "0 6 * * *"
defaults:
run:
shell: bash
jobs:
containers:
runs-on: ubuntu-22.04
strategy:
matrix:
package: ["FSL", "Freesurfer"]
steps:
- name: checkout
uses: actions/checkout@v4
with:
fetch-depth: 2
- name: skip if unchanged
run: |
set -euxo pipefail
SKIP=0
if ! git diff --name-only HEAD^ | grep "software/${{ matrix.package }}" | grep -v README > /dev/null
then
SKIP=1
fi
echo "SKIP=$SKIP" >> "$GITHUB_ENV"
# - name: Trivy Dockerfile misconfiguration check
# if: env.SKIP == '0'
# run: ./bin/trivy-misconfig-dockerfile.bash "software/${{ matrix.package }}/Dockerfile"
- name: run hadolint
if: env.SKIP == '0'
run: ./bin/hadolint.bash "software/${{ matrix.package }}/Dockerfile"
- name: Run jlumbroso/free-disk-space@main
if: env.SKIP == '0'
uses: jlumbroso/free-disk-space@main
with:
tool-cache: true
- name: free disk space
if: env.SKIP == '0'
run: |
set -euxo pipefail
# From https://github.com/jlumbroso/free-disk-space/pull/24
sudo apt-get remove -y microsoft-edge-stable --fix-missing
sudo apt-get remove -y snapd --fix-missing
# Extras
sudo rm -rf /usr/share/swift
sudo rm -rf /opt/hostedtoolcache
sudo rm -rf /usr/local/aws*
sudo rm -rf /usr/local/julia*
sudo rm -rf /usr/local/lib/R
sudo rm -rf /usr/local/lib/node_modules
sudo rm -rf /usr/local/share/chromium
sudo rm -rf /usr/local/share/chromedriver-linux64
sudo rm -rf /usr/local/share/edge_driver
sudo rm -rf /usr/local/share/gecko_driver
sudo rm -rf /usr/share/java/selenium-server.jar
sudo rm -rf /usr/local/share/
sudo rm -rf /opt/az
sudo rm -rf /opt/mssql-tools
sudo rm -rf /opt/microsoft
df -h
- name: build image
if: env.SKIP == '0'
run: |
set -euxo pipefail
package="${{ matrix.package }}"
cd "software/$package"
img="ghcr.io/smi/${package,,}"
version="$(grep _VERSION= Dockerfile | cut -d'"' -f2)"
image_revision="$(grep _IMAGE_REVISION= Dockerfile | cut -d'"' -f2)"
tag="${version}-${image_revision}"
docker build . --tag "$img:$tag"
docker tag "$img:$tag" "$img:latest"
echo "img=$img" >> "$GITHUB_ENV"
echo "tag=$tag" >> "$GITHUB_ENV"
- name: free disk space
if: env.SKIP == '0'
run: |
set -euxo pipefail
docker builder prune --all --force
df -h
# - name: run trivy
# if: env.SKIP == '0'
# run: |
# set -euxo pipefail
# export reports_dir=$(mktemp -d)
# echo "reports_dir=$reports_dir" >> "$GITHUB_ENV"
# ./bin/trivy-image-scan.bash "$img:$tag"
# - name: upload trivy report
# if: env.SKIP == '0' && !cancelled()
# uses: actions/upload-artifact@v4
# with:
# name: 'trivy-reports-${{ matrix.package }}'
# path: '${{ env.reports_dir }}/'
- name: push image
if: env.SKIP == '0' && github.ref == 'refs/heads/main'
run: |
set -euxo pipefail
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
docker push "$img:$tag"
docker push "$img:latest"