1
0
mirror of https://github.com/donaldzou/WGDashboard.git synced 2024-11-22 23:27:45 +01:00
WGDashboard/.github/workflows/docker-analyze.yaml

51 lines
1.5 KiB
YAML
Raw Normal View History

2024-10-17 12:52:34 +02:00
name: Docker-Analyze
on:
schedule:
- cron: "0 0 * * *" # Daily at midnight UTC
2024-10-17 12:52:34 +02:00
workflow_dispatch:
inputs:
trigger-build:
description: 'Trigger a manual build and push'
default: 'true'
env:
DOCKER_IMAGE: donaldzou/wgdashboard
2024-10-17 12:52:34 +02:00
jobs:
docker_analyze:
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: Install Docker Scout
run: |
echo "Installing Docker Scout..."
curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
echo "Docker Scout installed successfully."
- name: Analyze Docker image with Docker Scout
id: analyze-image
run: |
echo "Analyzing Docker image with Docker Scout..."
docker scout cves ${{ env.DOCKER_IMAGE }}:latest > scout-results.txt
cat scout-results.txt
echo "Docker Scout analysis completed."
- name: Fail if critical CVEs are found
run: |
2024-10-21 12:07:33 +02:00
if grep -q "0C" scout-results.txt; then
echo "No critical vulnerabilities found! Continueing."
exit 0
else
echo "At least one critical vulnerabilities found! Exiting."
2024-10-17 12:52:34 +02:00
exit 1
fi