mirror of
https://github.com/mykitserver/docker-limesurvey.git
synced 2025-12-06 16:39:11 +01:00
53 lines
1.6 KiB
YAML
53 lines
1.6 KiB
YAML
name: Test Latest Container Images
|
|
|
|
on: [push, pull_request]
|
|
|
|
jobs:
|
|
test_images:
|
|
name: Test Latest Container Images with Trivy
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
context:
|
|
- apache
|
|
- fpm-alpine
|
|
- fpm
|
|
steps:
|
|
- name: 'Check out the repo'
|
|
uses: actions/checkout@v2
|
|
|
|
- name: 'Set up Docker Buildx'
|
|
uses: docker/setup-buildx-action@v1
|
|
|
|
- name: 'Build Container images'
|
|
uses: docker/build-push-action@v2
|
|
with:
|
|
context: 5.0/${{ matrix.context }}
|
|
push: false
|
|
load: true
|
|
tags: docker.io/martialblog/limesurvey:5-${{ matrix.context }}
|
|
|
|
- name: 'Run Structure tests'
|
|
uses: plexsystems/container-structure-test-action@v0.2.0
|
|
with:
|
|
image: docker.io/martialblog/limesurvey:5-${{ matrix.context }}
|
|
config: tests/${{ matrix.context }}-tests.yaml
|
|
|
|
- name: 'Run vulnerability scanner'
|
|
uses: aquasecurity/trivy-action@master
|
|
with:
|
|
image-ref: docker.io/martialblog/limesurvey:5-${{ matrix.context }}
|
|
format: 'template'
|
|
template: '@/contrib/sarif.tpl'
|
|
exit-code: '0'
|
|
# Since we are not in charge of the Application
|
|
vuln-type: 'os'
|
|
output: trivy-results-5-${{ matrix.context }}.sarif
|
|
severity: 'CRITICAL,HIGH'
|
|
|
|
- name: 'Upload Trivy scan results to GitHub'
|
|
uses: github/codeql-action/upload-sarif@v1
|
|
with:
|
|
sarif_file: trivy-results-5-${{ matrix.context }}.sarif
|
|
category: "${{ matrix.context }}"
|