feat: update ci/cd, migrate to zot container registry
Some checks failed
Lint, Build, Scan and Publish Docker Image / build-and-push (push) Failing after 1m44s
Some checks failed
Lint, Build, Scan and Publish Docker Image / build-and-push (push) Failing after 1m44s
This commit is contained in:
@@ -14,28 +14,35 @@ jobs:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: install Trivy Security scanner
|
||||
run: |
|
||||
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
|
||||
|
||||
- name: Lint & Format Check python code with ruff
|
||||
uses: astral-sh/ruff-action@v3
|
||||
|
||||
- name: Lint Dockerfile (Hadolint)
|
||||
uses: hadolint/hadolint-action@v3.1.0
|
||||
with:
|
||||
dockerfile: Dockerfile
|
||||
|
||||
- name: Security Lint Dockerfile (Trivy)
|
||||
run: |
|
||||
trivy config --exit-code 1 --severity CRITICAL,HIGH .
|
||||
# - name: install Trivy Security scanner
|
||||
# run: |
|
||||
# curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
|
||||
#
|
||||
# - name: Lint & Format Check python code with ruff
|
||||
# uses: astral-sh/ruff-action@v3
|
||||
#
|
||||
# - name: Lint Dockerfile (Hadolint)
|
||||
# uses: hadolint/hadolint-action@v3.1.0
|
||||
# with:
|
||||
# dockerfile: Dockerfile
|
||||
#
|
||||
# - name: Security Lint Dockerfile (Trivy)
|
||||
# run: |
|
||||
# trivy config --exit-code 1 --severity CRITICAL,HIGH .
|
||||
#
|
||||
# - name: Log in to Gitea Container Registry
|
||||
# uses: docker/login-action@v3
|
||||
# with:
|
||||
# registry: git.br0tkasten.de
|
||||
# username: ${{ secrets.PACKAGE_USER }}
|
||||
# password: ${{ secrets.PACKAGE_TOKEN }}
|
||||
|
||||
- name: Log in to Gitea Container Registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: git.br0tkasten.de
|
||||
username: ${{ secrets.PACKAGE_USER }}
|
||||
password: ${{ secrets.PACKAGE_TOKEN }}
|
||||
registry: registry.br0tkasten.de
|
||||
username: ${{ secrets.REGISTRY_USER }}
|
||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||
|
||||
- name: Extract metadata (tags, labels) for Docker
|
||||
id: meta
|
||||
@@ -56,9 +63,9 @@ jobs:
|
||||
load: true # This loads the image into the local docker daemon for Trivy to find
|
||||
tags: local_scan_target:${{ github.sha }}
|
||||
|
||||
- name: Run Trivy scanner (Binary Mode)
|
||||
run: |
|
||||
trivy image --exit-code 1 --severity CRITICAL,HIGH --ignore-unfixed --server http://trivy-server:8080 local_scan_target:${{ github.sha }}
|
||||
# - name: Run Trivy scanner (Binary Mode)
|
||||
# run: |
|
||||
# trivy image --exit-code 1 --severity CRITICAL,HIGH --ignore-unfixed --server http://trivy-server:8080 local_scan_target:${{ github.sha }}
|
||||
|
||||
- name: Build and push Docker image
|
||||
uses: docker/build-push-action@v5
|
||||
|
||||
Reference in New Issue
Block a user