Drop arm/v7 support, split vuln scan to stages

TheLab-ms · May 22, 2024 · 1899db3 · 1899db3
1 parent 31d44ed
commit 1899db3
Showing 1 changed file with 18 additions and 5 deletions.
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -12,8 +12,17 @@ on:
     - cron: '0 22 1 * *'
 
 jobs:
-  build:
+  vulerability-scan:
     runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Perform Scan
+        uses: ShiftLeftSecurity/scan-action@master
+  build-and-push:
+    runs-on: ubuntu-latest
+    needs:
+      - vulerability-scan
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -36,19 +45,22 @@ jobs:
       - name: Get current date
         id: date
         run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
-      - name: Perform Scan
-        uses: ShiftLeftSecurity/scan-action@master
       - name: Build and push
         uses: docker/build-push-action@v5
         with:
           context: .
-          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: | 
             ${{ env.GHCR }}/vremenar/${{ env.IMAGENAME }}:latest
             ${{ env.GHCR }}/vremenar/${{ env.IMAGENAME }}:${{ steps.date.outputs.date }}
             ${{ env.DOCKER }}/vremenar/${{ env.IMAGENAME }}:latest
             ${{ env.DOCKER }}/vremenar/${{ env.IMAGENAME }}:${{ steps.date.outputs.date }}
+  image-vulnerability-scan:
+    runs-on: ubuntu-latest
+    needs:
+      - build-and-push
+    steps:
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
@@ -57,4 +69,5 @@ jobs:
           exit-code: '1'
           ignore-unfixed: true
           vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
+          severity: 'CRITICAL,HIGH'
+