Skip to content

trivy

trivy #362

Workflow file for this run

name: 'Alpha Build'
on:
push:
branches: [541/wpcc]
jobs:
frontend:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Read VERSION
id: package
uses: martinbeentjes/npm-get-version-action@master
- name: Echo VERSION
run: echo ${{ steps.package.outputs.current-version }}
- name: Setup QEMU
uses: docker/setup-qemu-action@v2
with:
platforms: all
- name: Setup BuildX
uses: docker/setup-buildx-action@v2
id: buildx
with:
install: true
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_NEW_USERNAME }}
password: ${{ secrets.DOCKER_NEW_PASSWORD }}
- name: Build and push Frontend
uses: docker/build-push-action@v4
with:
builder: ${{ steps.buildx.outputs.name }}
file: frontend/Dockerfile
context: frontend
tags: retrospected/frontend:alpha
platforms: linux/amd64
push: true
backend:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Read VERSION
id: package
uses: martinbeentjes/npm-get-version-action@master
- name: Echo VERSION
run: echo ${{ steps.package.outputs.current-version }}
- name: Setup QEMU
uses: docker/setup-qemu-action@v2
with:
platforms: all
- name: Setup BuildX
uses: docker/setup-buildx-action@v2
id: buildx
with:
install: true
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_NEW_USERNAME }}
password: ${{ secrets.DOCKER_NEW_PASSWORD }}
- name: Build and push Backend
uses: docker/build-push-action@v4
with:
builder: ${{ steps.buildx.outputs.name }}
file: backend/Dockerfile
context: backend
tags: retrospected/backend:alpha
platforms: linux/amd64
push: true
marketing:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Read VERSION
id: package
uses: martinbeentjes/npm-get-version-action@master
- name: Echo VERSION
run: echo ${{ steps.package.outputs.current-version }}
- name: Setup QEMU
uses: docker/setup-qemu-action@v2
with:
platforms: all
- name: Setup BuildX
uses: docker/setup-buildx-action@v2
id: buildx
with:
install: true
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_NEW_USERNAME }}
password: ${{ secrets.DOCKER_NEW_PASSWORD }}
- name: Build and push Marketing
uses: docker/build-push-action@v4
with:
builder: ${{ steps.buildx.outputs.name }}
file: marketing/Dockerfile
context: marketing
tags: retrospected/marketing:alpha
platforms: linux/amd64
push: true
documentation:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Read VERSION
id: package
uses: martinbeentjes/npm-get-version-action@master
- name: Echo VERSION
run: echo ${{ steps.package.outputs.current-version }}
- name: Setup QEMU
uses: docker/setup-qemu-action@v2
with:
platforms: all
- name: Setup BuildX
uses: docker/setup-buildx-action@v2
id: buildx
with:
install: true
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_NEW_USERNAME }}
password: ${{ secrets.DOCKER_NEW_PASSWORD }}
- name: Build and push Documentation
uses: docker/build-push-action@v4
with:
builder: ${{ steps.buildx.outputs.name }}
file: docs/Dockerfile
context: docs
tags: retrospected/docs:alpha
platforms: linux/amd64
push: true
integration:
runs-on: ubuntu-latest
needs: [frontend, backend]
steps:
- uses: actions/checkout@v3
- name: Run Integration Tests
run: docker-compose -f ./integration/docker-compose.ci.alpha.yml up --exit-code-from cypress
- uses: actions/upload-artifact@v3
if: always()
with:
name: Test videos
path: integration/cypress/videos
retention-days: 14
trivy:
runs-on: ubuntu-latest
needs: [frontend, backend, marketing]
steps:
- name: Trivy - Frontend
uses: aquasecurity/trivy-action@master
with:
image-ref: retrospected/frontend:alpha
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL'
- name: Trivy - Backend
uses: aquasecurity/trivy-action@master
with:
image-ref: retrospected/backend:alpha
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL'
- name: Trivy - Marketing
uses: aquasecurity/trivy-action@master
with:
image-ref: retrospected/marketing:alpha
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL'