From ff7d7fe2d668bd5b3e23135edef8ae1352a4106b Mon Sep 17 00:00:00 2001
From: Robert Elliot
Date: Fri, 13 Sep 2024 14:44:48 +0100
Subject: [PATCH 1/2] Try and use correct dockerfile & .snyk file in GHA
---
.github/workflows/container-image-scan.yml | 14 ++++++++------
.github/workflows/release.yml | 16 +++++++++-------
2 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/container-image-scan.yml b/.github/workflows/container-image-scan.yml
index 5edd114..185bb48 100644
--- a/.github/workflows/container-image-scan.yml
+++ b/.github/workflows/container-image-scan.yml
@@ -16,9 +16,11 @@ jobs:
strategy:
matrix:
- image:
- - ghcr.io/wiremock/wiremock:${{ inputs.image_version }}
- - ghcr.io/wiremock/wiremock:${{ inputs.image_version }}-alpine
+ versions:
+ - CONTEXT: .
+ image: ghcr.io/wiremock/wiremock:${{ inputs.image_version }}
+ - CONTEXT: alpine
+ image: ghcr.io/wiremock/wiremock:${{ inputs.image_version }}-alpine
steps:
- uses: actions/checkout@v4
@@ -31,13 +33,13 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull image to check we've got it
- run: docker pull ${{ matrix.image }}
+ run: docker pull ${{ matrix.versions.image }}
- name: Run Snyk to check Docker image for vulnerabilities
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
- image: ${{ matrix.image }}
+ image: ${{ matrix.versions.image }}
command: test
- args: --file=Dockerfile --severity-threshold=high --fail-on=upgradable --org=f310ee2f-5552-444d-84ee-ec8c44c33adb
\ No newline at end of file
+ args: --file=${{ matrix.versions.CONTEXT }}/Dockerfile --severity-threshold=high --fail-on=upgradable --org=f310ee2f-5552-444d-84ee-ec8c44c33adb --policy-path=${{ matrix.versions.CONTEXT }}/.snyk
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index fcc6f22..fcbe84a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
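Review bot: The new matrix objects in the `versions` list mix key casing — `CONTEXT` in upper case beside `image` in lower case — so the downstream expressions read `matrix.versions.CONTEXT` and `matrix.versions.image` for two fields of the same object; the release.yml hunk at -152 has the same pattern. Matrix keys are plain identifiers, so a consistent lower-case `context` keeps the three `${{ matrix.versions.CONTEXT }}` references in the next hunk readable and matches the existing `image` key. I'd change the two entries to `- context: .` and `- context: alpine` and update the references to `${{ matrix.versions.context }}`. A list called `versions` whose entries pair a build context with an image tag is also a little misleading; `variants` would say what it holds, but that is a naming preference.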
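Review bot: The rewritten `args` line now selects a per-variant policy via `--policy-path=${{ matrix.versions.CONTEXT }}/.snyk`, and a `.snyk` policy is where findings get ignored, so the contents of `./.snyk` and `alpine/.snyk` now decide what the `--severity-threshold=high --fail-on=upgradable` gate can see; neither file is in this diff, and whether the scan errors out or quietly runs without a policy when one is absent is not visible here, so it is worth confirming with a run for both matrix entries. The same applies to the release.yml hunk at -152, where the file paths are also derived from the matrix context. A short comment above the step would record the intent for the next reader, e.g. `# --file and --policy-path follow the matrix context so each image variant is scanned against its own Dockerfile and its own .snyk ignore policy`.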
@@ -57,7 +57,7 @@ jobs:
- ghcr.io/wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}-alpine
PLATFORMS:
- linux/amd64
-
+
steps:
- name: Set up QEMU
@@ -152,21 +152,23 @@ jobs:
if: needs.check-new-version.outputs.new_version
strategy:
matrix:
- image:
- - wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}
- - wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}-alpine
+ versions:
+ - CONTEXT: .
+ image: wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}
+ - CONTEXT: alpine
+ image: wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}-alpine
steps:
- uses: actions/checkout@v4
- name: Pull image to check we've got it
- run: docker pull ${{ matrix.image }}
+ run: docker pull ${{ matrix.versions.image }}
- name: Run Snyk to monitor Docker image for vulnerabilities
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
- image: ${{ matrix.image }}
+ image: ${{ matrix.versions.image }}
command: monitor
- args: --file=Dockerfile --org=f310ee2f-5552-444d-84ee-ec8c44c33adb --project-name=wiremock-docker
+ args: --file=${{ matrix.versions.CONTEXT }}/Dockerfile --org=f310ee2f-5552-444d-84ee-ec8c44c33adb --project-name=wiremock-docker --policy-path=${{ matrix.versions.CONTEXT }}/.snyk
From 7c1b4cb53e24401f55328426e5d722cbb1eb3def Mon Sep 17 00:00:00 2001
From: Robert Elliot
Date: Fri, 13 Sep 2024 14:49:15 +0100
Subject: [PATCH 2/2] Add dependabot
---
.github/dependabot.yml | 12 ++++++++++++
1 file changed, 12 insertions(+)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..79146f5
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+
+- package-ecosystem: "docker"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+
+- package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
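Review bot: Both matrix entries in the rewritten `args` line still share `--project-name=wiremock-docker` while `command: monitor` now runs once per context, so as far as I can tell the root and alpine snapshots are reported under one Snyk project name and the second run may overwrite, or be indistinguishable from, the first; the per-context `--file` and `--policy-path` make the two runs genuinely different inputs, which makes that collision matter more than it did. If Snyk keys monitor projects by name, a per-variant value — for instance an extra `name` field on each matrix object used as `--project-name=wiremock-docker-${{ matrix.versions.name }}` — would keep them apart without producing an awkward `wiremock-docker-.` for the root context. The enclosing job definition starts above this hunk.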
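Review bot: The `docker` entry only covers `directory: "/"`, but the workflow hunks earlier in this series scan a second Dockerfile under `alpine/` (`CONTEXT: alpine`), so base-image bumps for the alpine variant will not be proposed unless that directory gets its own entry; as far as I know the docker ecosystem looks for a Dockerfile in the configured directory rather than recursing, so a second stanza for `/alpine` is needed. Separately, the `github-actions` entry cannot keep `snyk/actions/docker@master` (a context line in both workflow hunks) current, because a branch reference has nothing to bump; pinning that action to a release tag or commit SHA in the workflows is what would let this config act on it and would also remove a mutable third-party dependency from the scan and release jobs.
```yaml
# … unchanged: version, docker entry for "/", github-actions entry …
- package-ecosystem: "docker"
  directory: "/alpine"
  schedule:
    interval: "weekly"
```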