Merge pull request #772 from DaanSelen/workflowclarify

2025-06-27 16:56:57 +00:00 · 2025-06-04 16:32:52 +08:00 · 2025-06-04 16:32:52 +08:00 · 354f4e47df
commit 354f4e47df
parent b04f7b2d2c 84167650b8
2 changed files with 28 additions and 56 deletions
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@ -53,6 +53,11 @@ jobs:
          images: |
            ${{ env.DOCKER_HUB_PREFIX }}/${{ env.DOCKER_IMAGE }}
            ${{ env.GHCR_PREFIX }}/${{ env.DOCKER_IMAGE }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern=latest,enable={{is_tag}}
+            type=raw,value=nightly,enable={{is_default_branch}}
+            type=ref,pattern={{ref_name}},enable={{is_default_branch}}

      - name: Build and export (multi-arch)
        uses: docker/build-push-action@v6
@ -64,23 +69,27 @@ jobs:
          labels: ${{ steps.meta.outputs.labels }}
          platforms: linux/amd64,linux/arm64,linux/arm/v7

-      - name: Docker Scout CVEs
-        uses: docker/scout-action@v1
-        with:
-          command: cves
-          image: ${{ steps.meta.outputs.tags }}
-          only-severities: critical,high
-          only-fixed: true
-          write-comment: true
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          exit-code: true
+  docker_scan:
+      runs-on: ubuntu-latest
+      needs: docker_build
+      steps:
+        - name: Docker Scout CVEs
+          uses: docker/scout-action@v1
+          with:
+            command: cves
+            image: ${{ env.GHCR_PREFIX }}/${{ env.DOCKER_IMAGE }}:nightly
+            only-severities: critical,high
+            only-fixed: true
+            write-comment: true
+            github-token: ${{ secrets.GITHUB_TOKEN }}
+            exit-code: true

-      - name: Docker Scout Compare
-        uses: docker/scout-action@v1
-        with:
-          command: compare
-          image: ${{ env.DOCKER_HUB_PREFIX }}/${{ env.DOCKER_IMAGE }}:nightly
-          to: ${{ env.DOCKER_HUB_PREFIX }}/${{ env.DOCKER_IMAGE }}:latest
-          only-severities: critical,high
-          ignore-unchanged: true
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+        - name: Docker Scout Compare
+          uses: docker/scout-action@v1
+          with:
+            command: compare
+            image: ${{ env.GHCR_PREFIX }}/${{ env.DOCKER_IMAGE }}:nightly
+            to: ${{ env.GHCR_PREFIX }}/${{ env.DOCKER_IMAGE }}:latest
+            only-severities: critical,high
+            ignore-unchanged: true
+            github-token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/docker-scan.yml
+++ b/.github/workflows/docker-scan.yml
@ -1,37 +0,0 @@
-name: Docker Scan
-
-on:
-  workflow_dispatch:
-    inputs:
-      trigger-scan:
-        description: 'Trigger a manual scan'
-        required: true
-        default: 'true'
-
-env:
-  DOCKER_IMAGE: donaldzou/wgdashboard
-
-jobs:
-  docker_scan:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Log in to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          registry: docker.io
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
-
-      - name: Docker Scout CVEs
-        uses: docker/scout-action@v1
-        with:
-          command: cves
-          image: ${{ env.DOCKER_IMAGE }}:nightly
-          only-severities: critical,high
-          only-fixed: true
-          write-comment: true
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          exit-code: true