Skip to content
dockerfile linting

chore(deps): bump nginx from 1.25.4 to 1.25.5 #183

Sign in to view logs

chore(deps): bump nginx from 1.25.4 to 1.25.5

chore(deps): bump nginx from 1.25.4 to 1.25.5 #183

Workflow file for this run

.github/workflows/pr.yaml at bc22a33
on: pull_request
name: dockerfile linting
jobs:
golanglint:
name: golang lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.4
- uses: hazcod/action-golangci-lint@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
directory: healthcheck
dockerfilelint:
name: dockerfile lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.4
- name: hadolint
uses: burdzwastaken/hadolint-action@1.10.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HADOLINT_ACTION_DOCKERFILE_FOLDER: .
dockerbuild:
name: docker build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.4
- name: extract tag
id: vars
run: echo ::set-output name=nginx_version::$(grep '^FROM nginx' Dockerfile | cut -d ' ' -f 2 | cut -d ':' -f 2)
- name: docker build
run: docker build . --file Dockerfile --tag image:${{ steps.vars.outputs.nginx_version }}
dockerscan:
name: docker security scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.4
- name: docker build
run: docker build . --file Dockerfile --tag image
- name: cached scan db
uses: actions/cache@v2.1.7
with:
path: vulndb/
key: trivy-vulndb
- name: run security scan
env:
DISTRO: debian
run: |
docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock \
-v "$(pwd)/vulndb/":/root/.cache/ \
aquasec/trivy --severity HIGH,CRITICAL,MEDIUM --no-progress --only-update $DISTRO --ignore-unfixed --exit-code 1 --cache-dir /root/.cache/ image
docker run --rm -v "$(pwd)/vulndb/":/root/.cache/ alpine:latest chmod 777 -R /root/.cache/