Skip to content
CI check on every PR

WebP Server Go 0.13.0 #475

Sign in to view logs

WebP Server Go 0.13.0

WebP Server Go 0.13.0 #475

Workflow file for this run

.github/workflows/CI.yaml at 71ec7cc
name: CI check on every PR
on:
pull_request:
paths-ignore:
- '**.md'
- 'Makefile'
- 'config.json'
jobs:
image-test:
name: Check for image build, testing and CVE
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Make test
uses: docker/build-push-action@v6
with:
context: .
file: ./Dockerfile.CI
load: true
tags: |
ghcr.io/${{ github.event.repository.full_name }}:latest
- name: Build image test
uses: docker/build-push-action@v6
with:
context: .
load: true
tags: |
ghcr.io/${{ github.event.repository.full_name }}:latest
- name: Install trivy
run: |
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy -y
- name: Scan for CVE
uses: mathiasvr/command-output@v1
id: trivy
with:
run: |
trivy image --no-progress --severity "HIGH,CRITICAL" --ignore-unfixed ghcr.io/${{ github.event.repository.full_name }}
- name: Print CVE
run: |
echo "${{ steps.trivy.outputs.stdout }}"
- name: Comment PR for CVE
uses: thollander/actions-comment-pull-request@v2
with:
message: |
```
${{ steps.trivy.outputs.stdout }}
```
comment_tag: cve
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}