Skip to content

Tmp disable trivy for dev job #790

Tmp disable trivy for dev job

Tmp disable trivy for dev job #790

Workflow file for this run

---
#########################
#########################
## Deploy Docker Image ##
#########################
#########################
#
# Documentation:
# https://help.github.com/en/articles/workflow-syntax-for-github-actions
#
#######################################
# Start the job on all push to main #
#######################################
name: "Build & Deploy - BETA"
on:
push:
branches:
- "main"
paths:
- ".github/workflows/**"
- "Dockerfile"
- "flavors/**"
- "megalinter/**"
- "mega-linter-runner/**"
- "**/linter-versions.json"
- "TEMPLATES/**"
- ".trivyignore"
- "**/.sh"
###############
# Set the Job #
###############
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
jobs:
build:
# Name the Job
name: Deploy Docker Image - BETA
# Set the agent to run on
runs-on: ubuntu-latest
permissions:
packages: write
# Only run this on the main repo
if: github.repository == 'oxsecurity/megalinter' && !contains(github.event.head_commit.message, 'skip deploy')
environment:
name: beta
##################
# Load all steps #
##################
steps:
##########################
# Checkout the code base #
##########################
- name: Checkout Code
uses: actions/checkout@v3
########################################################
# Publish updated version of mega-linter-runner on NPM #
########################################################
- uses: actions/[email protected]
with:
node-version: "16.x"
registry-url: "https://registry.npmjs.org"
- run: cd mega-linter-runner && yarn install --frozen-lockfile
- run: cd mega-linter-runner && BETAID=$(date '+%Y%m%d%H%M') && npm version prerelease --preid="beta$BETAID"
shell: bash
- run: cd mega-linter-runner && npm publish --tag beta || echo "mega-linter-runner beta not published"
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Get current date
run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV}
- name: Build & Push Docker Image
uses: docker/build-push-action@v4
with:
context: .
file: Dockerfile
platforms: linux/amd64
build-args: |
BUILD_DATE=${{ env.BUILD_DATE }}
BUILD_REVISION=${{ github.sha }}
BUILD_VERSION=beta
load: false
push: true
secrets: |
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
tags: |
oxsecurity/megalinter:beta
ghcr.io/oxsecurity/megalinter:beta
# Free disk space
- name: Free Disk space
shell: bash
run: |
sudo rm -rf /usr/local/lib/android # will release about 10 GB if you don't need Android
sudo rm -rf /usr/share/dotnet # will release about 20GB if you don't need .NET
- name: Build & Push Docker Worker Image
uses: docker/build-push-action@v4
with:
context: .
file: Dockerfile-worker
platforms: linux/amd64
build-args: |
MEGALINTER_BASE_IMAGE=ghcr.io/oxsecurity/megalinter:beta
BUILD_DATE=${{ env.BUILD_DATE }}
BUILD_REVISION=${{ github.sha }}
BUILD_VERSION=beta
load: false
push: true
secrets: |
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
tags: |
oxsecurity/megalinter-worker:beta
ghcr.io/oxsecurity/megalinter-worker:beta
###############################
# Run tests for code coverage #
###############################
- name: Run Test Cases and code coverage
shell: bash
run: |
export CI_ENV="$(bash <(curl -s https://codecov.io/env)) -e GITHUB_ACTIONS"
echo "CI_ENV=${CI_ENV}"
docker run $CI_ENV -e TEST_CASE_RUN=true -e OUTPUT_FORMAT=text -e OUTPUT_FOLDER=${{ github.sha }} -e OUTPUT_DETAIL=detailed -e GITHUB_SHA=${{ github.sha }} -e GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}" -e MEGALINTER_VOLUME_ROOT="${GITHUB_WORKSPACE}" -v "/var/run/docker.sock:/var/run/docker.sock:rw" -v ${GITHUB_WORKSPACE}:/tmp/lint oxsecurity/megalinter:beta
timeout-minutes: 60
##############################################
# Check Docker image security with Trivy #
##############################################
# - name: Run Trivy vulnerability scanner
# uses: aquasecurity/trivy-action@master
# with:
# image-ref: "docker.io/oxsecurity/megalinter:beta"
# format: 'table'
# exit-code: '1'
# ignore-unfixed: true
# scanners: vuln
# vuln-type: 'os,library'
# severity: 'CRITICAL,HIGH'
# timeout: 10m0s