From fad310ef0b473c69364ebf857479beae16127903 Mon Sep 17 00:00:00 2001 From: bio-boris Date: Tue, 5 Nov 2024 11:14:58 -0600 Subject: [PATCH 1/4] Remove trivy --- .github/workflows/pr_build.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml index 0fa1c464..37e4e92d 100644 --- a/.github/workflows/pr_build.yml +++ b/.github/workflows/pr_build.yml @@ -37,7 +37,3 @@ jobs: name: '${{ github.event.repository.name }}' tags: pr-${{ github.event.number }},latest-rc secrets: inherit - trivy-scans: - if: (github.base_ref == 'develop' || github.base_ref == 'main' || github.base_ref == 'master' ) && github.event.pull_request.merged == false - uses: kbase/.github/.github/workflows/reusable_trivy-scans.yml@main - secrets: inherit From 391ed1122a2bf72733d8ed4f24f52267b8bf0ca1 Mon Sep 17 00:00:00 2001 From: bio-boris Date: Tue, 5 Nov 2024 11:19:24 -0600 Subject: [PATCH 2/4] Update check_build.yml --- .github/workflows/check_build.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/check_build.yml b/.github/workflows/check_build.yml index 5f13de01..f4c0bbcb 100644 --- a/.github/workflows/check_build.yml +++ b/.github/workflows/check_build.yml @@ -14,8 +14,18 @@ jobs: name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Build and push + name: Build uses: docker/build-push-action@v6 with: push: false - tags: ee2/test:test \ No newline at end of file + tags: 'docker.io/kbase/ee2:${{ github.sha }}' + - + name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@0.28.0 + with: + image-ref: 'docker.io/kbase/ee2:${{ github.sha }}' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' From 94547891cddf26914aa156cd652cf21125f4e09e Mon Sep 17 00:00:00 2001 
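Review bot: The new scanner step pins `aquasecurity/trivy-action@0.28.0` by a mutable release tag, so a moved or compromised tag silently changes what runs in this job; pin it to the full commit SHA of that release and keep the version as a comment, e.g. `uses: aquasecurity/trivy-action@<commit-sha> # v0.28.0`. A second concern in the same hunk: the build step has `push: false` and no `load: true`, so with the Buildx builder created by `docker/setup-buildx-action@v3` the image tagged `docker.io/kbase/ee2:${{ github.sha }}` is presumably never exported to the runner's Docker daemon, and Trivy's `image-ref` would then resolve by pulling from Docker Hub rather than scanning what this PR built — add `load: true` to the build step (or push to a job-local registry, as the following patch in this series does) so the gate scans the freshly built image. The `docker:` job's earlier steps begin above the hunk, so I cannot see whether any login or registry configuration affects that resolution.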
From: bio-boris Date: Thu, 7 Nov 2024 14:02:26 -0600 Subject: [PATCH 3/4] Update check_build.yml --- .github/workflows/check_build.yml | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/.github/workflows/check_build.yml b/.github/workflows/check_build.yml index f4c0bbcb..680397ed 100644 --- a/.github/workflows/check_build.yml +++ b/.github/workflows/check_build.yml @@ -6,24 +6,31 @@ on: jobs: docker: runs-on: ubuntu-latest - steps: + services: + registry: + image: registry:2 + ports: + - 5000:5000 - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - - name: Build + + - + name: Build and Push to Local Registry uses: docker/build-push-action@v6 with: - push: false - tags: 'docker.io/kbase/ee2:${{ github.sha }}' + push: true + tags: localhost:5000/ee2/test:latest + + - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.28.0 with: - image-ref: 'docker.io/kbase/ee2:${{ github.sha }}' + image-ref: 'localhost:5000/ee2/test:latest' format: 'table' exit-code: '1' ignore-unfixed: true From 7df183368342803eb80cc815f1c32e83ca4d5577 Mon Sep 17 00:00:00 2001 From: bio-boris Date: Thu, 7 Nov 2024 14:03:04 -0600 Subject: [PATCH 4/4] Update check_build.yml --- .github/workflows/check_build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/check_build.yml b/.github/workflows/check_build.yml index 680397ed..1cb8c1f2 100644 --- a/.github/workflows/check_build.yml +++ b/.github/workflows/check_build.yml @@ -11,6 +11,7 @@ jobs: image: registry:2 ports: - 5000:5000 + steps: - name: Set up QEMU uses: docker/setup-qemu-action@v3
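Review bot: The build step now does `push: true` to `localhost:5000/ee2/test:latest`, but if `docker/setup-buildx-action@v3` creates its default container-based builder, that builder runs in its own network namespace and `localhost:5000` will not reach the `registry` service container; the documented local-registry pattern adds `driver-opts: network=host` under `with:` on the Buildx step, so I would change that step to `uses: docker/setup-buildx-action@v3` followed by `with:` and `driver-opts: network=host`. The service is also started from the floating tag `registry:2`; since this registry receives the image before the Trivy gate has passed, pinning it by digest (`image: registry:2@sha256:<digest>`) keeps the job's inputs reproducible. The workflow's `on:` trigger block and the remaining Trivy options (`vuln-type`, `severity`) lie outside this hunk.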