Skip to content

Commit

Permalink
feat: adds image scanning between build and push
Browse files Browse the repository at this point in the history 
Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
  • Loading branch information
@jpower432
jpower432 committed Dec 4, 2023
1 parent 0711c78 commit d1d56e6
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions .github/workflows/publish.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,20 @@ jobs:
run: echo "TAG=$INPUT_VERSION" >> "$GITHUB_ENV"
env:
INPUT_VERSION: ${{ github.event.inputs.tag }}

- name: Build and export to Docker
uses: docker/build-push-action@v5
with:
load: true
tags: ${{ env.IMAGE_REGISTRY }}/${{ vars.QUAY_ORG }}/${{ env.IMAGE_NAME }}:${{ env.TAG }}

- name: Pre-push Image Scan
uses: aquasecurity/trivy-action@0.14.0
with:
image-ref: ${{ env.IMAGE_REGISTRY }}/${{ vars.QUAY_ORG }}/${{ env.IMAGE_NAME }}:${{ env.TAG }}
exit-code: 1
scanners: secret
severity: HIGH,CRITICAL,MEDIUM

- name: Build and Push
uses: docker/build-push-action@v5
Expand Down

0 comments on commit d1d56e6

Please sign in to comment.