2024-08-24 08:01:56 +02:00
|
|
|
name: Docker Image Build and Analysis
|
|
|
|
|
|
|
|
|
|
on:
|
|
|
|
|
schedule:
|
|
|
|
|
- cron: "0 0 * * *" # Schedule the workflow to run daily at midnight (UTC time). Adjust the time if needed.
|
|
|
|
|
workflow_dispatch: # Manual run trigger
|
|
|
|
|
inputs:
|
|
|
|
|
trigger-build:
|
|
|
|
|
description: 'Trigger a manual build and push'
|
|
|
|
|
default: 'true'
|
|
|
|
|
|
|
|
|
|
jobs:
|
|
|
|
|
build-and-analyze:
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
|
|
|
|
|
steps:
|
|
|
|
|
- name: Checkout repository
|
|
|
|
|
uses: actions/checkout@v3
|
|
|
|
|
|
2024-08-24 08:22:37 +02:00
|
|
|
- name: Log in to Docker Hub
|
2024-08-24 08:18:49 +02:00
|
|
|
uses: docker/login-action@v3
|
2024-08-24 08:01:56 +02:00
|
|
|
with:
|
2024-08-24 08:22:37 +02:00
|
|
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
|
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
2024-08-24 08:01:56 +02:00
|
|
|
|
|
|
|
|
- name: Build Docker image
|
|
|
|
|
id: build-image
|
|
|
|
|
run: |
|
|
|
|
|
docker build -t my-app-image:latest .
|
|
|
|
|
|
|
|
|
|
- name: Install Docker Scout
|
|
|
|
|
run: |
|
2024-08-24 08:29:51 +02:00
|
|
|
curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
|
2024-08-24 08:01:56 +02:00
|
|
|
|
|
|
|
|
- name: Analyze Docker image with Docker Scout
|
|
|
|
|
id: analyze-image
|
|
|
|
|
run: |
|
2024-08-24 08:34:03 +02:00
|
|
|
# Get the current date in YYYY-MM-DD format
|
|
|
|
|
DATE=$(date +'%Y-%m-%d')
|
|
|
|
|
OUTPUT_FILE=".github/workflows/cve-report-$DATE.json"
|
|
|
|
|
|
|
|
|
|
docker scout cves my-app-image:latest > $OUTPUT_FILE
|
|
|
|
|
echo "CVE report saved to $OUTPUT_FILE"
|
2024-08-24 08:40:34 +02:00
|
|
|
cat $OUTPUT_FILE
|
2024-08-24 08:01:56 +02:00
|
|
|
|
|
|
|
|
- name: Upload Scout results
|
|
|
|
|
uses: actions/upload-artifact@v3
|
|
|
|
|
with:
|
|
|
|
|
name: scout-results
|
2024-08-24 08:34:03 +02:00
|
|
|
path: .github/workflows/cve-report-*.json
|
