Skip to content

Commit

Permalink
chore: review
Browse files Browse the repository at this point in the history
Signed-off-by: Niccolò Fei <[email protected]>
  • Loading branch information
NiccoloFei committed Nov 3, 2023
1 parent 339f8b1 commit a8e8c56
Showing 1 changed file with 8 additions and 10 deletions.
18 changes: 8 additions & 10 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -90,30 +90,28 @@ jobs:
load: true
tags: ${{ steps.docker-meta.outputs.tags }}
labels: ${{ steps.docker-meta.outputs.labels }}

- name: Dockle scan
-
name: Dockle scan
uses: erzz/dockle-action@v1
with:
image: "ghcr.io/${{ env.IMAGE_STAGING }}:${{ env.PGBOUNCER_VERSION}}"
image: "ghcr.io/${{ env.IMAGE_STAGING }}:${{ env.PGBOUNCER_VERSION }}"
exit-code: '1'
failure-threshold: WARN
accept-keywords: key
#accept-filenames: usr/share/cmake/Templates/Windows/Windows_TemporaryKey.pfx,etc/trusted-key.key,usr/share/doc/perl-IO-Socket-SSL/certs/server_enc.p12,usr/share/doc/perl-IO-Socket-SSL/certs/server.p12,usr/local/lib/python3.9/dist-packages/azure/core/settings.py,usr/local/lib/python3.8/site-packages/azure/core/settings.py,usr/share/postgresql-common/pgdg/apt.postgresql.org.asc,usr/local/lib/python3.7/dist-packages/azure/core/settings.py,etc/ssl/private/ssl-cert-snakeoil.key,usr/lib/python3.9/site-packages/azure/core/settings.py

- name: Run Snyk to check Docker image for vulnerabilities
-
name: Run Snyk to check Docker image for vulnerabilities
uses: snyk/actions/docker@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: "ghcr.io/${{ env.IMAGE_STAGING }}:${{ env.PGBOUNCER_VERSION}}"
image: "ghcr.io/${{ env.IMAGE_STAGING }}:${{ env.PGBOUNCER_VERSION }}"
args: --severity-threshold=high --file=${{ matrix.file }}

- name: Upload result to GitHub Code Scanning
-
name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: snyk.sarif

-
name: Build and push
uses: docker/build-push-action@v5
Expand Down

0 comments on commit a8e8c56

Please sign in to comment.