fix(CVE): Bumped kork version to fix CVE-2022-22965 #110
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build operator flavor | |
| on: | |
| push: | |
| branches: | |
| - gen-manifests | |
| pull_request: | |
| env: | |
| GRADLE_OPTS: -Dorg.gradle.daemon=false -Xmx2g -Xms2g | |
| jobs: | |
| branch-build: | |
| env: | |
| GRADLE_ARGS: -Partifactory_user=${{secrets.ARTIFACTORY_USER}} -Partifactory_password=${{secrets.ARTIFACTORY_PASSWORD}} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-java@v1 | |
| with: | |
| java-version: 11 | |
| - uses: actions/cache@v1 | |
| with: | |
| path: ~/.gradle | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - name: Build | |
| id: build | |
| run: | | |
| ./gradlew version --quiet | |
| version=$(cat build/version | head -1) | |
| echo "==== Building version: $version" | |
| ./gradlew installDist javadoc --stacktrace | |
| echo "##[set-output name=version;]$version" | |
| - name: Create Docker image | |
| run: | | |
| docker build . -t docker.io/armory/halyard:${{ steps.build.outputs.version }} -f Dockerfile.slim | |
| - name: Push images | |
| id: push_step | |
| run: | | |
| docker tag docker.io/armory/halyard:${{ steps.build.outputs.version }} armory-docker-local.jfrog.io/armory/halyard:${{ steps.build.outputs.version }} | |
| echo "Logging in to jfrog" | |
| docker login -u ${{ secrets.ARTIFACTORY_USER }} -p "${{ secrets.ARTIFACTORY_PASSWORD }}" armory-docker-local.jfrog.io | |
| docker push armory-docker-local.jfrog.io/armory/halyard:${{ steps.build.outputs.version }} | |
| echo "Logging in to dockerhub" | |
| docker login -u ${{ secrets.DOCKERHUB_USER }} -p "${{ secrets.DOCKERHUB_PASSWORD }}" docker.io | |
| docker tag docker.io/armory/halyard:${{ steps.build.outputs.version }} docker.io/armory/halyard:operator-dev | |
| docker push docker.io/armory/halyard:${{ steps.build.outputs.version }} | |
| docker push docker.io/armory/halyard:operator-dev | |
| echo "##[set-output name=image;]armory/halyard:${{ steps.build.outputs.version }}" | |
| - name: Upload to artifactory | |
| run: | | |
| ./gradlew artifactPublish $GRADLE_ARGS | |
| - name: Run Security Scan | |
| uses: armory-io/aquasec-scan-action@v0.0.10 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| username: ${{ secrets.AQUA_USER }} | |
| password: ${{ secrets.AQUA_PASSWORD }} | |
| url: https://aquasec.armory.io | |
| image: ${{ steps.push_step.outputs.image }} | |
| registry: Artifactory |