Skip to content

[Snyk] Security upgrade nginx from 1.25.2 to 1.25.3 #10

[Snyk] Security upgrade nginx from 1.25.2 to 1.25.3

[Snyk] Security upgrade nginx from 1.25.2 to 1.25.3 #10

Workflow file for this run

name: Docker
on:
push:
branches:
- main
paths-ignore:
- '.github/**'
release:
types: [published]
pull_request:
branches:
- main
paths-ignore:
- '.github/**'
workflow_dispatch:
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Dynamically find the image name
id: get-image-name
run: |
image_name=$(echo $GITHUB_REPOSITORY | cut -d '/' -f2 | sed -r 's/docker-//')
echo "::set-output name=image_name::$image_name"
- name: Checkout source code
uses: actions/checkout@v2
- name: Run tests
run: |
if [ -f docker-compose.test.yml ]; then
docker-compose --file docker-compose.test.yml build
docker-compose --file docker-compose.test.yml run sut
else
docker build . --file Dockerfile --tag ${{ steps.get-image-name.outputs.image_name }}
fi
- name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
uses: anchore/scan-action@v3
id: scan
with:
image: "${{ steps.get-image-name.outputs.image_name }}"
acs-report-enable: true
fail-build: false
severity-cutoff: high
- name: Upload Anchore Scan Report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
push:
needs: test
runs-on: ubuntu-latest
if: github.event_name == 'push' || github.event_name == 'release'
permissions:
contents: read
packages: write
steps:
- name: Dynamically find the image name
id: get-image-name
run: |
image_name=$(echo $GITHUB_REPOSITORY | cut -d '/' -f2 | sed -r 's/docker-//')
echo "::set-output name=image_name::$image_name"
- name: Checkout source code
uses: actions/checkout@v2
- name: Build image
run: docker build . --file Dockerfile --tag ${{ steps.get-image-name.outputs.image_name }}
- name: Log into registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Push image
run: |
IMAGE_ID=ghcr.io/${{ github.repository_owner }}/${{ steps.get-image-name.outputs.image_name }}
# Change all uppercase to lowercase
IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
# Strip git ref prefix from version
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
# Strip "v" prefix from tag name
[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
# Use Docker `latest` tag convention
[ "$VERSION" == "main" ] && VERSION=latest
echo IMAGE_ID=$IMAGE_ID
echo VERSION=$VERSION
docker tag ${{ steps.get-image-name.outputs.image_name }} $IMAGE_ID:$VERSION
docker push $IMAGE_ID:$VERSION