diff --git a/.github/workflows/cicd-prd.yaml b/.github/workflows/cicd-prd.yaml
index 3a27169a..a2364a75 100644
--- a/.github/workflows/cicd-prd.yaml
+++ b/.github/workflows/cicd-prd.yaml
@@ -9,6 +9,7 @@ jobs:
 permissions:
 id-token: write
 contents: write
+ security-events: write
 runs-on: ubuntu-22.04
 if: github.actor != 'dependabot[bot]'
 name: "Build image"
@@ -29,7 +30,7 @@ jobs:
 uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0

 - name: Docker build and push in production
- uses: Zilliqa/gh-actions-workflows/actions/ci-dockerized-app-build-push@v2
+ uses: Zilliqa/gh-actions-workflows/actions/ci-dockerized-app-build-push@v3
 with:
 context: .
 file: ./packages/observability-mcp/Dockerfile
@@ -41,6 +42,7 @@ jobs:
 workload-identity-provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}"
 service-account: "${{ secrets.GCP_PRD_GITHUB_SA_DOCKER_REGISTRY }}"
 cache-key: ${{ env.IMAGE_NAME }}-cache
+ trivy-scan: true

 deploy:
 needs: [build]
diff --git a/.github/workflows/cicd-stg.yaml b/.github/workflows/cicd-stg.yaml
index 936fc46a..1be444cb 100644
--- a/.github/workflows/cicd-stg.yaml
+++ b/.github/workflows/cicd-stg.yaml
@@ -13,6 +13,7 @@ jobs:
 permissions:
 id-token: write
 contents: write
+ security-events: write
 runs-on: ubuntu-22.04
 if: github.actor != 'dependabot[bot]'
 name: "Build image"
@@ -33,7 +34,7 @@ jobs:
 uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0

 - name: Docker build and push in staging
- uses: Zilliqa/gh-actions-workflows/actions/ci-dockerized-app-build-push@v2
+ uses: Zilliqa/gh-actions-workflows/actions/ci-dockerized-app-build-push@v3
 with:
 context: .
 file: ./packages/observability-mcp/Dockerfile
@@ -45,6 +46,7 @@ jobs:
 workload-identity-provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}"
 service-account: "${{ secrets.GCP_STG_GITHUB_SA_DOCKER_REGISTRY }}"
 cache-key: ${{ env.IMAGE_NAME }}-cache
+ trivy-scan: true

 deploy:
 needs: [build]
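Review bot: `security-events: write` is added to the production build job's `permissions` block with nothing saying what needs it; presumably it is for a Trivy SARIF upload to code scanning, but a reader of this file cannot tell, and the same job already holds `contents: write` and `id-token: write`, so every new scope on this token deserves a why-comment. I would write it as `security-events: write # Trivy SARIF upload to GitHub code scanning (see trivy-scan below)`. Bear in mind that on `pull_request` runs from forks the token is read-only whatever is declared here, so the upload would fail rather than be skipped — the `on:` trigger block is outside this hunk, so I cannot confirm which events reach this job. The `jobs:` mapping continues beyond the hunk.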
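Review bot: The new line references `ci-dockerized-app-build-push@v3`, a mutable tag, while the `setup-buildx-action` two lines above is pinned to a full commit SHA with the version in a trailing comment — the two pinning styles now disagree within one step list. This is the step that receives the OIDC token (`id-token: write`) and the production registry service account, so anyone who can move the `v3` tag in `Zilliqa/gh-actions-workflows` can run code with those credentials; an org-internal action repo lowers but does not remove that risk. Pin it like its sibling: `uses: Zilliqa/gh-actions-workflows/actions/ci-dockerized-app-build-push@<commit-sha> # v3`. The step's `with:` block continues beyond the hunk.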
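Review bot: `trivy-scan: true` is handed to a composite action whose name says it builds and pushes in one step, so it is not visible here whether the scan runs before the push, whether findings above some severity fail the step, or whether results are only uploaded to code scanning. If the scan is report-only, a vulnerable image still lands in the production registry and the `deploy` job (`needs: [build]`) goes ahead, which makes the new input observability rather than a control. Check the v3 action's `action.yml` for a severity/exit-code input and, if one exists, set it explicitly next to this line so the gate is visible in the caller rather than implied by the action's defaults; if none exists, the scan should be documented as advisory. Minor: GitHub coerces every `with:` input to a string, so `true` arrives as `"true"` — fine as long as the action compares against that literal. The `with:` block starts above this hunk.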
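Review bot: `security-events: write` is added to the staging build job without a comment tying it to the Trivy scan enabled further down, and it sits in a job that already has `contents: write` and `id-token: write`. A one-line why-comment keeps the next reviewer from widening or dropping it blindly: `security-events: write # Trivy SARIF upload to GitHub code scanning`. If this workflow can run on fork pull requests the token is read-only regardless and the upload will fail — the trigger block is outside the hunk, so that needs confirming. The `jobs:` mapping continues beyond the hunk.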
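Review bot: The bumped `ci-dockerized-app-build-push@v3` reference is a floating tag, whereas the `setup-buildx-action` just above it is pinned to a commit SHA with a `# v3.0.0` comment; the step that authenticates to GCP via the OIDC token is therefore the least pinned one in the list. A moved or retagged `v3` in `Zilliqa/gh-actions-workflows` would execute with the staging registry service account. Pin to a SHA and keep the tag as a comment: `uses: Zilliqa/gh-actions-workflows/actions/ci-dockerized-app-build-push@<commit-sha> # v3`. The step's `with:` block continues beyond the hunk.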
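Review bot: `trivy-scan: true` enables a scan inside a single build-and-push step, and nothing in this file says whether a failing scan blocks the push or merely reports; if it is report-only, the image is pushed and `deploy` (`needs: [build]`) runs regardless. Confirm the v3 action's behaviour and surface any severity/exit-code input explicitly beside this line, or add a comment stating the scan is advisory, so the staging gate reads the same as the reviewer expects. Unrelated to this commit but visible in the context lines: the staging job authenticates through `secrets.GCP_PRD_GITHUB_WIF` with the staging service account, which is worth a check that the pool's conditions are what you intend for staging. The `with:` block starts above this hunk.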