Skip to content

Commit

Permalink
Merge pull request #117 from wiremock/better-snyk-scanning
Browse files Browse the repository at this point in the history 
Try and use correct dockerfile & .snyk file in GHA
  • Loading branch information
@Mahoney
Mahoney authored Sep 13, 2024
2 parents 27e02a3 + 7c1b4cb commit c76eba3
Show file tree
Hide file tree
Showing 3 changed files with 29 additions and 13 deletions.
12 changes: 12 additions & 0 deletions .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
version: 2
updates:

- package-ecosystem: "docker"
directory: "/"
schedule:
interval: "weekly"

- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
14 changes: 8 additions & 6 deletions .github/workflows/container-image-scan.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,9 +16,11 @@ jobs:

strategy:
matrix:
image:
- ghcr.io/wiremock/wiremock:${{ inputs.image_version }}
- ghcr.io/wiremock/wiremock:${{ inputs.image_version }}-alpine
versions:
- CONTEXT: .
image: ghcr.io/wiremock/wiremock:${{ inputs.image_version }}
- CONTEXT: alpine
image: ghcr.io/wiremock/wiremock:${{ inputs.image_version }}-alpine

steps:
- uses: actions/checkout@v4
Expand All @@ -31,13 +33,13 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}

- name: Pull image to check we've got it
run: docker pull ${{ matrix.image }}
run: docker pull ${{ matrix.versions.image }}

- name: Run Snyk to check Docker image for vulnerabilities
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: ${{ matrix.image }}
image: ${{ matrix.versions.image }}
command: test
args: --file=Dockerfile --severity-threshold=high --fail-on=upgradable --org=f310ee2f-5552-444d-84ee-ec8c44c33adb
args: --file=${{ matrix.versions.CONTEXT }}/Dockerfile --severity-threshold=high --fail-on=upgradable --org=f310ee2f-5552-444d-84ee-ec8c44c33adb --policy-path=${{ matrix.versions.CONTEXT }}/.snyk
16 changes: 9 additions & 7 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ jobs:
- ghcr.io/wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}-alpine
PLATFORMS:
- linux/amd64

steps:

- name: Set up QEMU
Expand Down Expand Up @@ -152,21 +152,23 @@ jobs:
if: needs.check-new-version.outputs.new_version
strategy:
matrix:
image:
- wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}
- wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}-alpine
versions:
- CONTEXT: .
image: wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}
- CONTEXT: alpine
image: wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}-alpine

steps:
- uses: actions/checkout@v4

- name: Pull image to check we've got it
run: docker pull ${{ matrix.image }}
run: docker pull ${{ matrix.versions.image }}

- name: Run Snyk to monitor Docker image for vulnerabilities
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: ${{ matrix.image }}
image: ${{ matrix.versions.image }}
command: monitor
args: --file=Dockerfile --org=f310ee2f-5552-444d-84ee-ec8c44c33adb --project-name=wiremock-docker
args: --file=${{ matrix.versions.CONTEXT }}/Dockerfile --org=f310ee2f-5552-444d-84ee-ec8c44c33adb --project-name=wiremock-docker --policy-path=${{ matrix.versions.CONTEXT }}/.snyk

0 comments on commit c76eba3

Please sign in to comment.