1
0
mirror of https://github.com/donaldzou/WGDashboard.git synced 2024-11-22 07:10:09 +01:00

Merge pull request #436 from donaldzou/v4.1-workflows

V4.1 workflows
This commit is contained in:
Donald Zou 2024-10-23 17:30:33 +08:00 committed by GitHub
commit 1cc321ddff
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 92 additions and 60 deletions

View File

@ -38,11 +38,11 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v2 uses: actions/checkout@v3
# Initializes the CodeQL tools for scanning. # Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL - name: Initialize CodeQL
uses: github/codeql-action/init@v1 uses: github/codeql-action/init@v3
with: with:
languages: ${{ matrix.language }} languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file. # If you wish to specify custom queries, you can do so here or in a config file.
@ -53,7 +53,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below) # If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild - name: Autobuild
uses: github/codeql-action/autobuild@v1 uses: github/codeql-action/autobuild@v3
# Command-line programs to run using the OS shell. # Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl # 📚 https://git.io/JvXDl
@ -67,4 +67,4 @@ jobs:
# make release # make release
- name: Perform CodeQL Analysis - name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1 uses: github/codeql-action/analyze@v3

50
.github/workflows/docker-analyze.yaml vendored Normal file
View File

@ -0,0 +1,50 @@
name: Docker-Analyze
on:
schedule:
- cron: "0 0 * * *" # Daily at midnight UTC
workflow_dispatch:
inputs:
trigger-build:
description: 'Trigger a manual build and push'
default: 'true'
env:
DOCKER_IMAGE: dselen/wgdashboard
jobs:
docker_analyze:
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: Install Docker Scout
run: |
echo "Installing Docker Scout..."
curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
echo "Docker Scout installed successfully."
- name: Analyze Docker image with Docker Scout
id: analyze-image
run: |
echo "Analyzing Docker image with Docker Scout..."
docker scout cves ${{ env.DOCKER_IMAGE }}:latest > scout-results.txt
cat scout-results.txt
echo "Docker Scout analysis completed."
- name: Fail if critical CVEs are found
run: |
if grep -q "0C" scout-results.txt; then
echo "No critical vulnerabilities found! Continueing."
exit 0
else
echo "At least one critical vulnerabilities found! Exiting."
exit 1
fi

38
.github/workflows/docker-build.yaml vendored Normal file
View File

@ -0,0 +1,38 @@
name: Docker-Build
on:
schedule:
- cron: "0 0 * * *" # Daily at midnight UTC
workflow_dispatch:
inputs:
trigger-build:
description: 'Trigger a manual build and push'
default: 'true'
env:
DOCKER_IMAGE: donaldzou/wgdashboard
jobs:
docker_build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and export
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: ${{ env.DOCKER_IMAGE }}:latest

View File

@ -1,56 +0,0 @@
name: Docker Image Build and Analysis
on:
schedule:
- cron: "0 0 * * *" # Schedule the workflow to run daily at midnight (UTC time). Adjust the time if needed.
workflow_dispatch: # Manual run trigger
inputs:
trigger-build:
description: 'Trigger a manual build and push'
default: 'true'
jobs:
build-and-analyze:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build Docker image
id: build-image
run: |
echo "Building Docker image..."
docker build -t my-app-image:latest .
echo "Docker image built successfully."
- name: Install Docker Scout
run: |
echo "Installing Docker Scout..."
curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
echo "Docker Scout installed successfully."
- name: Analyze Docker image with Docker Scout
id: analyze-image
run: |
echo "Analyzing Docker image with Docker Scout..."
docker scout cves my-app-image:latest > scout-results.txt
cat scout-results.txt # Print the report to the workflow logs for easy viewing
echo "Docker Scout analysis completed."
- name: Post Comment on Issue or PR
run: |
COMMENT="**Docker Image Build and Analysis Report**\n\nThe Docker image was built and analyzed successfully.\n\n**Build Summary:**\n- Image Tag: my-app-image:latest\n\n**Analysis Report:**\n\`\`\`\n$(cat scout-results.txt)\n\`\`\`"
# Post comment using GitHub API
curl -X POST \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github.v3+json" \
-d "{\"body\": \"$COMMENT\"}" \
"https://api.github.com/repos/NOXCIS/WGDashboard/issues/1/comments" # Replace '1' with the issue or PR number