Skip to content

Twice daily build ClamAV with up-to-date virus DB #1740

Twice daily build ClamAV with up-to-date virus DB

Twice daily build ClamAV with up-to-date virus DB #1740

Workflow file for this run

name: Twice daily build ClamAV with up-to-date virus DB
on:
schedule:
- cron: '0 4/12 * * *'
env:
REGISTRY: ghcr.io
jobs:
build_scan_push:
name: ClamAV-daily
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
dockerfile-dir:
- hmpps-clamav
permissions:
packages: write
contents: read
security-events: write
steps:
- name: Check out the repo
uses: actions/checkout@v3
- name: Docker metadata
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ matrix.dockerfile-dir }}-freshclammed
flavor: |
latest=true
tags: |
type=schedule
type=ref,event=branch
type=ref,event=tag
type=ref,event=pr
type=sha
- name: Log in to GitHub container registry
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build container image
uses: docker/build-push-action@v3
with:
file: ./${{ matrix.dockerfile-dir }}/Dockerfile.freshclammed
context: ./${{ matrix.dockerfile-dir }}
pull: true
push: false
tags: |
${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ matrix.dockerfile-dir }}-freshclammed:${{ github.sha }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ matrix.dockerfile-dir }}-freshclammed:${{ github.sha }}
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
timeout: 15m
- name: Push container image to repository
if: ${{ success() && github.ref == 'refs/heads/main' }}
uses: docker/build-push-action@v3
with:
file: ./${{ matrix.dockerfile-dir }}/Dockerfile.freshclammed
context: ./${{ matrix.dockerfile-dir }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
push: true
- name: Slack notification
id: slack
if: ${{ failure() }}
uses: slackapi/slack-github-action@v1.23.0
with:
channel-id: ${{ secrets.SLACK_GITHUB_ALERTS }}
slack-message: "_Job:_ ${{ github.job }}\n_Status:_ ${{ job.status }}\n_Workflow:_ ${{ github.workflow }}\n_Repo:_ ${{ github.repository }}\n<https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|View on github>\n"
env:
SLACK_BOT_TOKEN: ${{ secrets.HMPPS_SLACK_BOT_TOKEN }}