diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5fea035c..9df373eb 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -386,8 +386,8 @@ jobs:
 docker_hub:
 runs-on: ubuntu-latest
- needs:
- - github_release
+# needs:
+# - github_release
 steps:
 - name: Checkout
 uses: actions/checkout@v4
@@ -414,13 +414,44 @@ jobs:
 username: ${{ secrets.DOCKER_HUB_CI_USER }}
 password: ${{ secrets.DOCKER_HUB_CI_PASSWORD }}
- - name: Build and push
- uses: docker/build-push-action@v5
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@v4
 with:
- push: true
- context: agent
- platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
- tags: ${{ github.repository_owner }}/autoinstrumentation-java:${{ steps.set_version.outputs.version }},${{ github.repository_owner }}/autoinstrumentation-java:latest
+ images: ${{ github.repository_owner }}/autoinstrumentation-java
+ tags: |
+ type=raw,value=${{ steps.set_version.outputs.version }}
+ type=raw,value=latest
+ labels: |
+ maintainer=swo-librarians
+ org.opencontainers.image.title=apm-java
+ org.opencontainers.image.description=Solarwinds OTEL distro Java agent
+ org.opencontainers.image.vendor=SolarWinds Worldwide, LLC
+
+# - name: Build and push
+# uses: docker/build-push-action@v5
+# with:
+# push: true
+# context: agent
+# platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
+# tags: ${{ steps.meta.outputs.tags }}
+# labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Analyze for critical and high CVEs
+ id: docker-scout-cves
+ uses: docker/scout-action@v1
+ with:
+ command: cves
+ image: ${{ steps.meta.outputs.tags }}
+ sarif-file: sarif.output.json
+ platform: "linux/amd64"
+ summary: true
+
+ - name: Upload SARIF result
+ id: upload-sarif
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: sarif.output.json
 ghrc_io:
 runs-on: ubuntu-latest
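Review bot: Commenting out `needs:` / `- github_release` lets the docker_hub job start in parallel with github_release, so once the push step is re-enabled an image could be published to Docker Hub even when the GitHub release job fails. If this is only a temporary shortcut for exercising the scan steps, restore the two `needs` lines before merge rather than leaving the dependency as a comment. If the ordering is no longer wanted, delete the lines and record the reason in the commit message so the gate is not silently lost. The job's remaining steps lie outside this hunk.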
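Review bot: The scan step passes `image: ${{ steps.meta.outputs.tags }}`, which metadata-action emits as a newline-separated list of both tags (version and latest), and with the Build and push step commented out nothing in the visible steps builds or pushes the image being scanned. As written the step would at best resolve an image already in the registry, not the artifact of this release. Scan a single reference after the build instead, e.g. `image: ${{ github.repository_owner }}/autoinstrumentation-java:${{ steps.set_version.outputs.version }}`. The step name promises critical and high findings but sets no filter or gate; `only-severities: critical,high` and `exit-code: true` would make it match the name and stop the release on findings. The upload-sarif step also needs `security-events: write` on the job, which is not visible in this hunk.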