Skip to content

chore(cloud-native): sync assets to OCI images #429

chore(cloud-native): sync assets to OCI images

chore(cloud-native): sync assets to OCI images #429

# Please do not attempt to edit this flow without the direct consent from the DevOps team. This file is managed centrally.
# Contact @moabu
name: Scan Image
on:
push:
branches:
- main
paths:
- "docker-**/**"
- "!**.md"
pull_request:
branches:
- master
- main
paths:
- "docker-**/**"
- "!docker-**/CHANGELOG.md"
- "!docker-**/version.txt"
- "!**.md"
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
docker-images: ["admin-ui", "flex-monolith", "flex-all-in-one"]
steps:
- uses: actions/checkout@v3
- name: Build the Container image
run: docker build ./docker-${{ matrix.docker-images }} --file ./docker-${{ matrix.docker-images }}/Dockerfile --tag localbuild/scanimage:latest
- uses: anchore/scan-action@v3
id: scan
with:
image: "localbuild/scanimage:latest"
output-format: sarif
fail-build: false
- name: Send JSON report
if: github.event_name == 'workflow_dispatch'
run: |
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
grype -v localbuild/scanimage:latest -o json > ${{ matrix.docker-images }}.results.json
curl "https://chat.gluu.org/api/v1/rooms.upload/YNz6rg7eNpngiygkv" \
-F "file=@${{ matrix.docker-images }}.results.json" \
-F "msg=${{ matrix.docker-images }} json report." \
-F "description=Scan detailed JSON report" \
-H "X-Auth-Token: ${{ secrets.MOAUTO_ROCKETCHAT_TOKEN }}" \
-H "X-User-Id: ${{ secrets.MOAUTO_ROCKETCHAT_ID }}"
- name: upload Anchore scan SARIF report
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
- uses: azure/container-scan@v0
continue-on-error: true
with:
image-name: localbuild/scanimage:latest
run-quality-checks: true
severity-threshold: LOW