Enhance GitHub Actions workflow: added Docker build and export step, integrated Trivy vulnerability scanner for critical and high severity checks, and refined platform-specific build process. This update improves security scanning and image management.
jaydrogers committed Dec 11, 2024
1 parent 87f338e commit d8cc8f2
Showing 1 changed file with 24 additions and 1 deletion.
25 changes: 24 additions & 1 deletion .github/workflows/service_docker-build-and-publish.yml
Expand Up @@ -77,7 +77,30 @@ jobs:
--print-tags-only
fi
- name: Build and push
- name: Build and export to Docker
uses: docker/build-push-action@v6
with:
file: src/Dockerfile
cache-from: type=gha,mode=max
cache-to: type=gha,mode=max
platforms: linux/amd64 # Only build amd64 for scanning
pull: true
push: false
load: true # Load into Docker's local image store
tags: ${{ env.DOCKER_TAGS }}

- name: Run Trivy vulnerability scanner
uses: aquasecurity/[email protected]
with:
image-ref: ${{ env.DOCKER_TAGS }}
format: 'table'
exit-code: 1
ignore-unfixed: true
severity: 'CRITICAL,HIGH'
hide-progress: true

- name: Build and push all platforms
if: success()
uses: docker/build-push-action@v6
with:
file: src/Dockerfile
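
Review bot: In the "Run Trivy vulnerability scanner" step, `image-ref: ${{ env.DOCKER_TAGS }}` reuses the value the build step passes to `tags:`, and that variable (plural name, filled near `--print-tags-only`) can hold more than one tag, while `image-ref` takes a single image reference, so the scan would break once the list has two entries. Suggest loading the amd64 build under one fixed local tag used only for scanning, or giving the build step an `id:` and scanning its `imageid` output. Two limits of the gate should be documented next to it: only `linux/amd64` is scanned while "Build and push all platforms" rebuilds and publishes every platform, and `ignore-unfixed: true` lets CRITICAL/HIGH findings without an available fix pass with `exit-code: 1` never firing. Minor points: `if: success()` is already the default step condition and can be dropped, and `mode=max` on `cache-from` has no effect because `mode` is a cache export (`cache-to`) option.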