mirror of
https://github.com/donaldzou/WGDashboard.git
synced 2025-06-28 09:16:55 +00:00
Donald Zou
GitHub
commit
8137a46c68
50
.github/workflows/docker-analyze.yaml
vendored
50
.github/workflows/docker-analyze.yaml
vendored
@ -1,50 +0,0 @@
|
|||||||
name: Docker-Analyze
|
|
||||||
|
|
||||||
on:
|
|
||||||
schedule:
|
|
||||||
- cron: "0 0 * * *" # Daily at midnight UTC
|
|
||||||
workflow_dispatch:
|
|
||||||
inputs:
|
|
||||||
trigger-build:
|
|
||||||
description: 'Trigger a manual build and push'
|
|
||||||
default: 'true'
|
|
||||||
|
|
||||||
env:
|
|
||||||
DOCKER_IMAGE: donaldzou/wgdashboard
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
docker_analyze:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
strategy:
|
|
||||||
fail-fast: false
|
|
||||||
steps:
|
|
||||||
- name: Checkout repository
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
|
|
||||||
- name: Log in to Docker Hub
|
|
||||||
uses: docker/login-action@v3
|
|
||||||
with:
|
|
||||||
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
|
||||||
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
|
||||||
|
|
||||||
- name: Install Docker Scout
|
|
||||||
run: |
|
|
||||||
echo "Installing Docker Scout..."
|
|
||||||
curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
|
|
||||||
echo "Docker Scout installed successfully."
|
|
||||||
- name: Analyze Docker image with Docker Scout
|
|
||||||
id: analyze-image
|
|
||||||
run: |
|
|
||||||
echo "Analyzing Docker image with Docker Scout..."
|
|
||||||
docker scout cves ${{ env.DOCKER_IMAGE }}:latest > scout-results.txt
|
|
||||||
cat scout-results.txt
|
|
||||||
echo "Docker Scout analysis completed."
|
|
||||||
- name: Fail if critical CVEs are found
|
|
||||||
run: |
|
|
||||||
if grep -q "0C" scout-results.txt; then
|
|
||||||
echo "No critical vulnerabilities found! Continueing."
|
|
||||||
exit 0
|
|
||||||
else
|
|
||||||
echo "At least one critical vulnerabilities found! Exiting."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
@ -1,4 +1,4 @@
|
|||||||
name: Docker-Build
|
name: Docker Scan and Build
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
@ -10,10 +10,10 @@ on:
|
|||||||
default: 'true'
|
default: 'true'
|
||||||
|
|
||||||
env:
|
env:
|
||||||
DOCKER_IMAGE: donaldzou/wgdashboard
|
DOCKER_IMAGE: ${{ secrets.DOCKER_HUB_USERNAME }}/wgdashboard
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
docker_build:
|
docker_build_analyze:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
@ -42,3 +42,12 @@ jobs:
|
|||||||
push: true
|
push: true
|
||||||
tags: ${{ env.DOCKER_IMAGE }}:latest
|
tags: ${{ env.DOCKER_IMAGE }}:latest
|
||||||
platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7
|
platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7
|
||||||
|
|
||||||
|
- name: Docker Scout
|
||||||
|
id: docker-scout
|
||||||
|
uses: docker/scout-action@v1
|
||||||
|
with:
|
||||||
|
command: quickview,cves
|
||||||
|
image: image://${{ env.DOCKER_IMAGE }}:latest
|
||||||
|
summary: true
|
||||||
|
only-severities: critical,high,medium,low,unspecified
|
||||||
Loading…
x
Reference in New Issue
Block a user