From 0001a31c5905551241221dbb3cde91ba7778cbde Mon Sep 17 00:00:00 2001 From: Jacques ROUSSEL Date: Thu, 26 Sep 2024 17:06:11 +0200 Subject: [PATCH] use action --- .github/workflows/docker-hub.yml | 82 +++++--------------------------- 1 file changed, 12 insertions(+), 70 deletions(-) diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml index fda4069..58d545c 100644 --- a/.github/workflows/docker-hub.yml +++ b/.github/workflows/docker-hub.yml @@ -50,37 +50,16 @@ jobs: if: github.event_name != 'pull_request' run: echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_USER" --password-stdin - - name: Build an image from Dockerfile - run: | - docker build --target backend-production -t docker.io/lasuite/meet-backend:${{ github.sha }} . - - - name: Get Date - id: get-date - run: | - echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT - shell: bash - - - uses: actions/cache@v4 + name: Run trivy scan + uses: numerique-gouv/action-trivy-cache@main with: - path: trivy - key: ${{ steps.get-date.outputs.date }} + docker-build-args: '--target backend-production -f Dockerfile' + docker-image-name: 'docker.io/lasuite/meet-backend:${{ github.sha }}' + save-cache: 'true' - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.20.0 - with: - image-ref: 'docker.io/lasuite/meet-backend:${{ github.sha }}' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' - cache-dir: trivy - - - name: Fix trivy cache folder permission - if: always() + name: Build an image from Dockerfile run: | - sudo chown -R 1001:127 trivy - shell: bash + docker build --target backend-production -t docker.io/lasuite/meet-backend:${{ github.sha }} . - name: Build and push uses: docker/build-push-action@v5 
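Review bot: `uses: numerique-gouv/action-trivy-cache@main` tracks a mutable branch, and the step runs directly after the `docker login` step of the same job, so whatever `main` points to at run time executes on a runner that already holds the Docker Hub login on non-pull-request events. Pin the action to a full commit SHA and keep the readable version in a trailing comment, e.g. `uses: numerique-gouv/action-trivy-cache@<full-commit-sha>  # <release-tag>`. The same line appears in the frontend hunk (`@@ -132,37 +105,12 @@`) and needs the same pin. The job's step list starts and continues outside this hunk, so only the visible steps are covered here.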
@@ -91,12 +70,6 @@ jobs: push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - - - uses: actions/cache/save@v3 - if: always() - with: - path: trivy - key: ${{ steps.get-date.outputs.date }} build-and-push-frontend: runs-on: ubuntu-latest @@ -132,37 +105,12 @@ jobs: if: github.event_name != 'pull_request' run: echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_USER" --password-stdin - - name: Build an image from Dockerfile - run: | - docker build -f src/frontend/Dockerfile -t docker.io/lasuite/meet-frontend:${{ github.sha }} . - - - name: Get Date - id: get-date - run: | - echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT - shell: bash - - - uses: actions/cache@v4 + name: Run trivy scan + uses: numerique-gouv/action-trivy-cache@main with: - path: trivy - key: ${{ steps.get-date.outputs.date }} - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.20.0 - with: - image-ref: 'docker.io/lasuite/meet-frontend:${{ github.sha }}' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' - cache-dir: trivy - - - name: Fix trivy cache folder permission - if: always() - run: | - sudo chown -R 1001:127 trivy - shell: bash + docker-build-args: '-f src/frontend/Dockerfile' + docker-image-name: 'docker.io/lasuite/meet-frontend:${{ github.sha }}' + save-cache: 'false' - name: Build and push uses: docker/build-push-action@v5 @@ -174,12 +122,6 @@ jobs: push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - - - uses: actions/cache/save@v3 - if: always() - with: - path: trivy - key: ${{ steps.get-date.outputs.date }} notify-argocd: needs:
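Review bot: The scan's failure policy is no longer stated in the workflow: the removed step in the frontend hunk (`@@ -132,37 +105,12 @@`) set `exit-code: '1'`, `severity: 'CRITICAL,HIGH'`, `ignore-unfixed: true` and `vuln-type: 'os,library'`, while the new `Run trivy scan` step passes only the build arguments, the image name and `save-cache`. Whether a CRITICAL or HIGH finding still fails the job before `Build and push` now depends on the defaults of numerique-gouv/action-trivy-cache, which this diff does not show; the backend hunk (`@@ -50,37 +50,16 @@`) is in the same position. Confirm this against the action's definition and record it above the step, e.g. `# Fails the job on CRITICAL/HIGH findings; policy lives in numerique-gouv/action-trivy-cache`. A one-line comment on why this job uses `save-cache: 'false'` while the backend job uses `'true'` would also help the next reader.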