Merge pull request #436 from donaldzou/v4.1-workflows

V4.1 workflows

.github/workflows/codeql-analyze.yaml

@@ -38,11 +38,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -53,7 +53,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -67,4 +67,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v3

.github/workflows/docker-analyze.yaml

@@ -0,0 +1,50 @@
+name: Docker-Analyze
+
+on:
+  schedule:
+    - cron: "0 0 * * *"  # Daily at midnight UTC
+  workflow_dispatch:
+    inputs:
+      trigger-build:
+        description: 'Trigger a manual build and push'
+        default: 'true'
+
+env:
+  DOCKER_IMAGE: dselen/wgdashboard
+
+jobs:
+  docker_analyze:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+
+      - name: Install Docker Scout
+        run: |
+          echo "Installing Docker Scout..."
+          curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
+          echo "Docker Scout installed successfully."
+      - name: Analyze Docker image with Docker Scout
+        id: analyze-image
+        run: |
+          echo "Analyzing Docker image with Docker Scout..."
+          docker scout cves ${{ env.DOCKER_IMAGE }}:latest > scout-results.txt
+          cat scout-results.txt
+          echo "Docker Scout analysis completed."
+      - name: Fail if critical CVEs are found
+        run: |
+          if grep -q "0C" scout-results.txt; then
+            echo "No critical vulnerabilities found! Continueing."
+            exit 0
+          else
+            echo "At least one critical vulnerabilities found! Exiting."
+            exit 1
+          fi

.github/workflows/docker-build.yaml

@@ -0,0 +1,38 @@
+name: Docker-Build
+
+on:
+  schedule:
+    - cron: "0 0 * * *"  # Daily at midnight UTC
+  workflow_dispatch:
+    inputs:
+      trigger-build:
+        description: 'Trigger a manual build and push'
+        default: 'true'
+
+env:
+  DOCKER_IMAGE: donaldzou/wgdashboard
+
+jobs:
+  docker_build:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and export
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ env.DOCKER_IMAGE }}:latest

.github/workflows/main.yml

@@ -1,56 +0,0 @@
-name: Docker Image Build and Analysis
-
-on:
-  schedule:
-    - cron: "0 0 * * *"  # Schedule the workflow to run daily at midnight (UTC time). Adjust the time if needed.
-  workflow_dispatch:  # Manual run trigger
-    inputs:
-      trigger-build:
-        description: 'Trigger a manual build and push'
-        default: 'true'
-
-jobs:
-  build-and-analyze:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-
-      - name: Log in to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Build Docker image
-        id: build-image
-        run: |
-          echo "Building Docker image..."
-          docker build -t my-app-image:latest .
-          echo "Docker image built successfully."
-
-      - name: Install Docker Scout
-        run: |
-          echo "Installing Docker Scout..."
-          curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
-          echo "Docker Scout installed successfully."
-
-      - name: Analyze Docker image with Docker Scout
-        id: analyze-image
-        run: |
-          echo "Analyzing Docker image with Docker Scout..."
-          docker scout cves my-app-image:latest > scout-results.txt
-          cat scout-results.txt  # Print the report to the workflow logs for easy viewing
-          echo "Docker Scout analysis completed."
-
-      - name: Post Comment on Issue or PR
-        run: |
-          COMMENT="**Docker Image Build and Analysis Report**\n\nThe Docker image was built and analyzed successfully.\n\n**Build Summary:**\n- Image Tag: my-app-image:latest\n\n**Analysis Report:**\n\`\`\`\n$(cat scout-results.txt)\n\`\`\`"
-          
-          # Post comment using GitHub API
-          curl -X POST \
-            -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-            -H "Accept: application/vnd.github.v3+json" \
-            -d "{\"body\": \"$COMMENT\"}" \
-            "https://api.github.com/repos/NOXCIS/WGDashboard/issues/1/comments"  # Replace '1' with the issue or PR number