mirror of
https://github.com/donaldzou/WGDashboard.git
synced 2024-11-06 07:50:13 +01:00
commit
1cc321ddff
@ -38,11 +38,11 @@ jobs:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
# Initializes the CodeQL tools for scanning.
|
# Initializes the CodeQL tools for scanning.
|
||||||
- name: Initialize CodeQL
|
- name: Initialize CodeQL
|
||||||
uses: github/codeql-action/init@v1
|
uses: github/codeql-action/init@v3
|
||||||
with:
|
with:
|
||||||
languages: ${{ matrix.language }}
|
languages: ${{ matrix.language }}
|
||||||
# If you wish to specify custom queries, you can do so here or in a config file.
|
# If you wish to specify custom queries, you can do so here or in a config file.
|
||||||
@ -53,7 +53,7 @@ jobs:
|
|||||||
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
||||||
# If this step fails, then you should remove it and run the build manually (see below)
|
# If this step fails, then you should remove it and run the build manually (see below)
|
||||||
- name: Autobuild
|
- name: Autobuild
|
||||||
uses: github/codeql-action/autobuild@v1
|
uses: github/codeql-action/autobuild@v3
|
||||||
|
|
||||||
# ℹ️ Command-line programs to run using the OS shell.
|
# ℹ️ Command-line programs to run using the OS shell.
|
||||||
# 📚 https://git.io/JvXDl
|
# 📚 https://git.io/JvXDl
|
||||||
@ -67,4 +67,4 @@ jobs:
|
|||||||
# make release
|
# make release
|
||||||
|
|
||||||
- name: Perform CodeQL Analysis
|
- name: Perform CodeQL Analysis
|
||||||
uses: github/codeql-action/analyze@v1
|
uses: github/codeql-action/analyze@v3
|
50
.github/workflows/docker-analyze.yaml
vendored
Normal file
50
.github/workflows/docker-analyze.yaml
vendored
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
name: Docker-Analyze
|
||||||
|
|
||||||
|
on:
|
||||||
|
schedule:
|
||||||
|
- cron: "0 0 * * *" # Daily at midnight UTC
|
||||||
|
workflow_dispatch:
|
||||||
|
inputs:
|
||||||
|
trigger-build:
|
||||||
|
description: 'Trigger a manual build and push'
|
||||||
|
default: 'true'
|
||||||
|
|
||||||
|
env:
|
||||||
|
DOCKER_IMAGE: dselen/wgdashboard
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
docker_analyze:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
strategy:
|
||||||
|
fail-fast: false
|
||||||
|
steps:
|
||||||
|
- name: Checkout repository
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Log in to Docker Hub
|
||||||
|
uses: docker/login-action@v3
|
||||||
|
with:
|
||||||
|
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||||
|
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||||||
|
|
||||||
|
- name: Install Docker Scout
|
||||||
|
run: |
|
||||||
|
echo "Installing Docker Scout..."
|
||||||
|
curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
|
||||||
|
echo "Docker Scout installed successfully."
|
||||||
|
- name: Analyze Docker image with Docker Scout
|
||||||
|
id: analyze-image
|
||||||
|
run: |
|
||||||
|
echo "Analyzing Docker image with Docker Scout..."
|
||||||
|
docker scout cves ${{ env.DOCKER_IMAGE }}:latest > scout-results.txt
|
||||||
|
cat scout-results.txt
|
||||||
|
echo "Docker Scout analysis completed."
|
||||||
|
- name: Fail if critical CVEs are found
|
||||||
|
run: |
|
||||||
|
if grep -q "0C" scout-results.txt; then
|
||||||
|
echo "No critical vulnerabilities found! Continueing."
|
||||||
|
exit 0
|
||||||
|
else
|
||||||
|
echo "At least one critical vulnerabilities found! Exiting."
|
||||||
|
exit 1
|
||||||
|
fi
|
38
.github/workflows/docker-build.yaml
vendored
Normal file
38
.github/workflows/docker-build.yaml
vendored
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
name: Docker-Build
|
||||||
|
|
||||||
|
on:
|
||||||
|
schedule:
|
||||||
|
- cron: "0 0 * * *" # Daily at midnight UTC
|
||||||
|
workflow_dispatch:
|
||||||
|
inputs:
|
||||||
|
trigger-build:
|
||||||
|
description: 'Trigger a manual build and push'
|
||||||
|
default: 'true'
|
||||||
|
|
||||||
|
env:
|
||||||
|
DOCKER_IMAGE: donaldzou/wgdashboard
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
docker_build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
strategy:
|
||||||
|
fail-fast: false
|
||||||
|
steps:
|
||||||
|
- name: Checkout repository
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Log in to Docker Hub
|
||||||
|
uses: docker/login-action@v3
|
||||||
|
with:
|
||||||
|
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||||
|
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||||||
|
|
||||||
|
- name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v3
|
||||||
|
|
||||||
|
- name: Build and export
|
||||||
|
uses: docker/build-push-action@v6
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
push: true
|
||||||
|
tags: ${{ env.DOCKER_IMAGE }}:latest
|
56
.github/workflows/main.yml
vendored
56
.github/workflows/main.yml
vendored
@ -1,56 +0,0 @@
|
|||||||
name: Docker Image Build and Analysis
|
|
||||||
|
|
||||||
on:
|
|
||||||
schedule:
|
|
||||||
- cron: "0 0 * * *" # Schedule the workflow to run daily at midnight (UTC time). Adjust the time if needed.
|
|
||||||
workflow_dispatch: # Manual run trigger
|
|
||||||
inputs:
|
|
||||||
trigger-build:
|
|
||||||
description: 'Trigger a manual build and push'
|
|
||||||
default: 'true'
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
build-and-analyze:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout repository
|
|
||||||
uses: actions/checkout@v3
|
|
||||||
|
|
||||||
- name: Log in to Docker Hub
|
|
||||||
uses: docker/login-action@v3
|
|
||||||
with:
|
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
||||||
|
|
||||||
- name: Build Docker image
|
|
||||||
id: build-image
|
|
||||||
run: |
|
|
||||||
echo "Building Docker image..."
|
|
||||||
docker build -t my-app-image:latest .
|
|
||||||
echo "Docker image built successfully."
|
|
||||||
|
|
||||||
- name: Install Docker Scout
|
|
||||||
run: |
|
|
||||||
echo "Installing Docker Scout..."
|
|
||||||
curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
|
|
||||||
echo "Docker Scout installed successfully."
|
|
||||||
|
|
||||||
- name: Analyze Docker image with Docker Scout
|
|
||||||
id: analyze-image
|
|
||||||
run: |
|
|
||||||
echo "Analyzing Docker image with Docker Scout..."
|
|
||||||
docker scout cves my-app-image:latest > scout-results.txt
|
|
||||||
cat scout-results.txt # Print the report to the workflow logs for easy viewing
|
|
||||||
echo "Docker Scout analysis completed."
|
|
||||||
|
|
||||||
- name: Post Comment on Issue or PR
|
|
||||||
run: |
|
|
||||||
COMMENT="**Docker Image Build and Analysis Report**\n\nThe Docker image was built and analyzed successfully.\n\n**Build Summary:**\n- Image Tag: my-app-image:latest\n\n**Analysis Report:**\n\`\`\`\n$(cat scout-results.txt)\n\`\`\`"
|
|
||||||
|
|
||||||
# Post comment using GitHub API
|
|
||||||
curl -X POST \
|
|
||||||
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
|
|
||||||
-H "Accept: application/vnd.github.v3+json" \
|
|
||||||
-d "{\"body\": \"$COMMENT\"}" \
|
|
||||||
"https://api.github.com/repos/NOXCIS/WGDashboard/issues/1/comments" # Replace '1' with the issue or PR number
|
|
Loading…
Reference in New Issue
Block a user