Modified GitHub workflows

2025-10-04 00:06:18 +00:00 · 2024-10-17 12:52:34 +02:00
parent 2297d6b85b
commit 321b7b4cee
4 changed files with 89 additions and 60 deletions
--- a/.github/workflows/docker-analyze.yaml
+++ b/.github/workflows/docker-analyze.yaml
@@ -0,0 +1,47 @@
+name: Docker-Analyze
+
+on:
+  schedule:
+    - cron: "0 0 * * *"  # Daily at midnight UTC
+  workflow_dispatch:
+    inputs:
+      trigger-build:
+        description: 'Trigger a manual build and push'
+        default: 'true'
+
+env:
+  DOCKER_IMAGE: dselen/wgdashboard
+
+jobs:
+  docker_analyze:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+
+      - name: Install Docker Scout
+        run: |
+          echo "Installing Docker Scout..."
+          curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
+          echo "Docker Scout installed successfully."
+      - name: Analyze Docker image with Docker Scout
+        id: analyze-image
+        run: |
+          echo "Analyzing Docker image with Docker Scout..."
+          docker scout cves ${{ env.DOCKER_IMAGE }}:latest > scout-results.txt
+          cat scout-results.txt
+          echo "Docker Scout analysis completed."
+      - name: Fail if critical CVEs are found
+        run: |
+          if grep -q "CRITICAL" scout-results.txt; then
+            echo "Critical vulnerabilities found! Failing the job."
+            exit 1
+          fi