add docker image scanning

This commit is contained in:
April John 2025-02-11 14:21:33 +01:00
parent 93d4b7af0d
commit 3dadef436e


@ -58,6 +58,15 @@ jobs:
run: nix build .#ociImage run: nix build .#ociImage
- name: Load Docker image - name: Load Docker image
run: docker load < result run: docker load < result
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.28.0
with:
image-ref: 'ghcr.io/$IMAGE_NAME'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
- name: Push image to registry - name: Push image to registry
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
run: docker push ghcr.io/$IMAGE_NAME -a run: docker push ghcr.io/$IMAGE_NAME -a
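Review bot: `image-ref: 'ghcr.io/$IMAGE_NAME'` on the new Trivy step most likely never resolves the variable — `with:` inputs evaluate only `${{ }}` expressions, and unlike the surrounding `run:` lines nothing here passes through a shell — so the action would be asked to scan an image literally named `ghcr.io/$IMAGE_NAME`, and with `exit-code: '1'` the job fails without the pushed image ever being scanned. Assuming `IMAGE_NAME` is defined in an `env:` block outside this hunk, the fix is `image-ref: 'ghcr.io/${{ env.IMAGE_NAME }}'`; the first run's log should then show Trivy reporting the locally loaded image rather than a pull or lookup error. Since this step is the gate in front of `docker push`, also consider pinning `aquasecurity/trivy-action` to a full commit SHA (`uses: aquasecurity/trivy-action@<full-commit-sha> # 0.28.0`) instead of the mutable `0.28.0` tag, so the scanner that decides whether the image ships cannot change underneath the workflow. The enclosing `steps:` list begins before the hunk.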