Skip to content
OS Security

Add row/column for text page to two-thirds width #1945

Sign in to view logs

Add row/column for text page to two-thirds width

Add row/column for text page to two-thirds width #1945

Workflow file for this run

.github/workflows/trivy.yml at 4ec1f73
---
# ------------------------------------------------------------------------------
# https://github.com/aquasecurity/trivy
# https://github.com/aquasecurity/trivy-action#inputs
#
# Build image:
# ghcr.io/dfe-digital/early-years-foundation-recovery:latest
#
name: OS Security
on:
push:
paths:
- Dockerfile
env:
REGISTRY: ghcr.io/dfe-digital/early-years-foundation-recovery
jobs:
build:
name: Build and validate Docker image
runs-on: ubuntu-latest
steps:
-
name: Checkout Code
uses: actions/checkout@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
platforms: linux/amd64,linux/arm64
-
name: Login to Github Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Build and push Docker image (dependencies)
uses: docker/build-push-action@v4
with:
target: deps
context: .
push: true
build-args: |
BUILDKIT_INLINE_CACHE=1
SHA=${{ github.sha }}
cache-from: |
${{ env.REGISTRY }}:deps
tags: |
${{ env.REGISTRY }}:deps
-
name: Build and push Docker image (application)
uses: docker/build-push-action@v4
with:
target: app
context: .
push: true
build-args: |
BUILDKIT_INLINE_CACHE=1
SHA=${{ github.sha }}
cache-from: |
${{ env.REGISTRY }}:${{ github.sha }}
${{ env.REGISTRY }}:latest
tags: |
${{ env.REGISTRY }}:${{ github.sha }}
-
name: Run Trivy vulnerability scanner
uses: aquasecurity/[email protected]
with:
image-ref: ${{ env.REGISTRY }}:${{ github.sha }}
format: table
exit-code: 1
ignore-unfixed: true
vuln-type: os,library
severity: CRITICAL,HIGH