This repository has been archived by the owner on Nov 8, 2023. It is now read-only.
Bump rabbitmq from 3.12.0-management-alpine to 3.12.8-management-alpine #57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build and scan container | |
| on: | |
| pull_request: | |
| jobs: | |
| build: | |
| name: Build PR image | |
| runs-on: ubuntu-20.04 | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Log in to the Github Container registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build container | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository }}:PR${{ github.event.number }} | |
| ghcr.io/${{ github.repository }}:sha-${{ github.sha }} | |
| labels: | | |
| org.opencontainers.image.source=${{ github.event.repository.clone_url }} | |
| org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ') | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@41f05d9ecffa2ed3f1580af306000f734b733e54 | |
| with: | |
| image-ref: ghcr.io/${{ github.repository }}:sha-${{ github.sha }} | |
| format: "sarif" | |
| hide-progress: true | |
| ignore-unfixed: true | |
| output: 'trivy-results.sarif' | |
| severity: "CRITICAL,HIGH" | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'trivy-results.sarif' |