Update MINIO/MC and make trivy fail on error
jmthomas committed Dec 19, 2024
1 parent e9ecd6e commit 9928d96
Showing 3 changed files with 15 additions and 2 deletions.
13 changes: 13 additions & 0 deletions .github/workflows/trivy.yml
@@ -21,6 +21,8 @@ jobs:
openc3-scan:
if: ${{ github.actor != 'dependabot[bot]' }}
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v4
- name: openc3.sh build
@@ -34,6 +36,7 @@ jobs:
with:
image-ref: "docker.io/openc3inc/openc3-ruby:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-ruby.sarif"
ignore-unfixed: true
vuln-type: "os,library"
@@ -49,6 +52,7 @@ jobs:
with:
image-ref: "docker.io/openc3inc/openc3-node:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-node.sarif"
ignore-unfixed: true
vuln-type: "os,library"
@@ -64,6 +68,7 @@ jobs:
with:
image-ref: "docker.io/openc3inc/openc3-base:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-base.sarif"
ignore-unfixed: true
vuln-type: "os,library"
@@ -79,6 +84,7 @@ jobs:
with:
image-ref: "docker.io/openc3inc/openc3-cosmos-init:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-init.sarif"
ignore-unfixed: true
vuln-type: "os,library"
@@ -94,6 +100,7 @@ jobs:
with:
image-ref: "docker.io/openc3inc/openc3-redis:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-redis.sarif"
ignore-unfixed: true
vuln-type: "os,library"
@@ -109,6 +116,7 @@ jobs:
with:
image-ref: "docker.io/openc3inc/openc3-minio:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-minio.sarif"
ignore-unfixed: true
vuln-type: "os,library"
@@ -124,6 +132,7 @@ jobs:
with:
image-ref: "docker.io/openc3inc/openc3-operator:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-operator.sarif"
ignore-unfixed: true
vuln-type: "os,library"
@@ -139,6 +148,7 @@ jobs:
with:
image-ref: "docker.io/openc3inc/openc3-cosmos-cmd-tlm-api:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-cmd-tlm-api.sarif"
ignore-unfixed: true
vuln-type: "os,library"
@@ -154,6 +164,7 @@ jobs:
with:
image-ref: "docker.io/openc3inc/openc3-cosmos-script-runner-api:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-script-runner-api.sarif"
ignore-unfixed: true
vuln-type: "os,library"
@@ -169,6 +180,7 @@ jobs:
with:
image-ref: "docker.io/openc3inc/openc3-traefik:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-traefik.sarif"
ignore-unfixed: true
vuln-type: "os,library"
@@ -184,6 +196,7 @@ jobs:
with:
scan-type: "fs"
format: "github"
exit-code: 1
output: "dependency-results.sbom.json"
image-ref: "."
github-pat: ${{ secrets.GITHUB_TOKEN }}
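Review bot: The `strategy:` / `fail-fast: false` pair added under `openc3-scan` has no effect without a `matrix`, so the steps of this single job still stop at the first one that fails. With `exit-code: 1` now set on every Trivy step, a finding in the first image scanned (openc3-ruby) would skip the scans of all the later images, and possibly the SARIF upload for the failing image as well, which leaves the later images unscanned on exactly the runs that need attention. Consider adding `if: ${{ !cancelled() }}` to each later scan and upload step, or moving the image list into a `matrix` so that `fail-fast: false` actually applies. The steps between these hunks are not visible here, so check whether they already carry such a condition.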
2 changes: 1 addition & 1 deletion openc3-cosmos-init/Dockerfile
@@ -4,7 +4,7 @@ ARG OPENC3_NAMESPACE=openc3inc
ARG OPENC3_TAG=latest
ARG OPENC3_NODE_IMAGE=openc3-node
ARG OPENC3_BASE_IMAGE=openc3-base
ARG OPENC3_MC_RELEASE=RELEASE.2024-04-29T09-56-05Z
ARG OPENC3_MC_RELEASE=RELEASE.2024-11-21T17-21-54Z

FROM ${OPENC3_DEPENDENCY_REGISTRY}/minio/mc:${OPENC3_MC_RELEASE} AS minio-mc
FROM ${OPENC3_REGISTRY}/${OPENC3_NAMESPACE}/${OPENC3_NODE_IMAGE}:${OPENC3_TAG} AS openc3-frontend-tmp
2 changes: 1 addition & 1 deletion openc3-minio/Dockerfile
@@ -1,5 +1,5 @@
ARG OPENC3_DEPENDENCY_REGISTRY=docker.io
ARG OPENC3_MINIO_RELEASE=RELEASE.2024-06-22T05-26-45Z
ARG OPENC3_MINIO_RELEASE=RELEASE.2024-12-18T13-15-44Z
FROM ${OPENC3_DEPENDENCY_REGISTRY}/minio/minio:${OPENC3_MINIO_RELEASE}

COPY cacert.pem /devel/cacert.pem
