mirror of
https://github.com/donaldzou/WGDashboard.git
synced 2024-11-06 16:00:28 +01:00
48 lines
1.4 KiB
YAML
48 lines
1.4 KiB
YAML
|
name: Docker-Analyze
|
||
|
|
|
||
|
|
on:
|
||
|
|
schedule:
|
||
|
|
- cron: "0 0 * * *" # Daily at midnight UTC
|
||
|
|
workflow_dispatch:
|
||
|
|
inputs:
|
||
|
|
trigger-build:
|
||
|
|
description: 'Trigger a manual build and push'
|
||
|
|
default: 'true'
|
||
|
|
|
||
|
|
env:
|
||
|
|
DOCKER_IMAGE: dselen/wgdashboard
|
||
|
|
|
||
|
|
jobs:
|
||
|
|
docker_analyze:
|
||
|
|
runs-on: ubuntu-latest
|
||
|
|
strategy:
|
||
|
|
fail-fast: false
|
||
|
|
steps:
|
||
|
|
- name: Checkout repository
|
||
|
|
uses: actions/checkout@v4
|
||
|
|
|
||
|
|
- name: Log in to Docker Hub
|
||
|
|
uses: docker/login-action@v3
|
||
|
|
with:
|
||
|
|
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||
|
|
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||
|
|
|
||
|
|
- name: Install Docker Scout
|
||
|
|
run: |
|
||
|
|
echo "Installing Docker Scout..."
|
||
|
|
curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
|
||
|
|
echo "Docker Scout installed successfully."
|
||
|
|
- name: Analyze Docker image with Docker Scout
|
||
|
|
id: analyze-image
|
||
|
|
run: |
|
||
|
|
echo "Analyzing Docker image with Docker Scout..."
|
||
|
|
docker scout cves ${{ env.DOCKER_IMAGE }}:latest > scout-results.txt
|
||
|
|
cat scout-results.txt
|
||
|
|
echo "Docker Scout analysis completed."
|
||
|
|
- name: Fail if critical CVEs are found
|
||
|
|
run: |
|
||
|
|
if grep -q "CRITICAL" scout-results.txt; then
|
||
|
|
echo "Critical vulnerabilities found! Failing the job."
|
||
|
|
exit 1
|
||
|
|
fi
|