diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index dafb54f..955482f 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -69,6 +69,7 @@ env:
 jobs:
   build:
+    name: build
     runs-on: ubuntu-latest
     steps:
       - name: Set up QEMU
@@ -96,21 +97,25 @@ jobs:
         with:
           platforms: linux/amd64,linux/arm64
           push: false
-          tags: test/test:latest
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: '${{env.REPOSITORY}}:${{env.IMAGE_TAG}}'
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-          vuln-type: 'os,library'
-          ignore-unfixed: false
-        env:
-          TRIVY_USERNAME: ${{ secrets.DOCKERHUB_AUTH_USERNAME }}
-          TRIVY_PASSWORD: ${{ secrets.DOCKERHUB_AUTH_TOKEN }}
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: 'trivy-results.sarif'
\ No newline at end of file
+          tags: ${{ env.REPOSITORY }}:latest,${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }}
+  sec:
+    name: sec
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: '${{env.REPOSITORY}}:${{env.IMAGE_TAG}}'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          vuln-type: 'os,library'
+          ignore-unfixed: false
+        env:
+          TRIVY_USERNAME: ${{ secrets.DOCKERHUB_AUTH_USERNAME }}
+          TRIVY_PASSWORD: ${{ secrets.DOCKERHUB_AUTH_TOKEN }}
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'
\ No newline at end of file
diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml
index 38e00b9..11717c7 100644
--- a/.github/workflows/hadolint.yml
+++ b/.github/workflows/hadolint.yml
@@ -2,6 +2,8 @@ name: Hadolint 👀
 on:
   push:
+    paths:
+      - Dockerfile
     branches:
       - '*'
     tags:
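Review bot: The new `sec` job scans `image-ref: '${{env.REPOSITORY}}:${{env.IMAGE_TAG}}'` on a fresh runner, but the `build` job builds with `push: false`, so that image only ever existed in the build runner's local daemon; Trivy in `sec` will either fail to resolve the reference or pull whatever was last published under that tag from the registry (using the DockerHub credentials it is handed), which is not the image this commit just built. The fix is to hand the image over explicitly: export it from the build step with `outputs:` into an artifact and point Trivy at the tarball via `input:` (the `TRIVY_USERNAME`/`TRIVY_PASSWORD` env then becomes unnecessary), or keep the scan inside `build` as it was before this change. While touching this step, `aquasecurity/trivy-action@master` is a mutable ref for the tool whose verdict lands in the Security tab — pin it to a release tag or commit SHA, as `upload-sarif@v3` already is. Also confirm the workflow grants `security-events: write` (the permissions block, if any, is outside this hunk), since `upload-sarif` fails without it; the build is multi-platform, so use an OCI export rather than `type=docker` and verify Trivy selects the intended platform from the index.
```yaml
      # … unchanged: build step `with:` keys (platforms, push, tags) …
          outputs: type=oci,dest=/tmp/image.tar
      - name: Upload image for scanning
        uses: actions/upload-artifact@v4
        with:
          name: image
          path: /tmp/image.tar
      # … unchanged: sec job header (name, runs-on, needs: build) …
      - name: Download built image
        uses: actions/download-artifact@v4
        with:
          name: image
          path: /tmp
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master  # pin to a release tag or commit SHA
        with:
          input: /tmp/image.tar
          format: 'sarif'
          output: 'trivy-results.sarif'
          vuln-type: 'os,library'
          ignore-unfixed: false
      # … unchanged: SARIF upload step …
```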