mirror of
https://github.com/donaldzou/WGDashboard.git
synced 2024-11-06 07:50:13 +01:00
commit
1cc321ddff
@ -38,11 +38,11 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
uses: actions/checkout@v3
|
||||
|
||||
# Initializes the CodeQL tools for scanning.
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@v1
|
||||
uses: github/codeql-action/init@v3
|
||||
with:
|
||||
languages: ${{ matrix.language }}
|
||||
# If you wish to specify custom queries, you can do so here or in a config file.
|
||||
@ -53,7 +53,7 @@ jobs:
|
||||
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
||||
# If this step fails, then you should remove it and run the build manually (see below)
|
||||
- name: Autobuild
|
||||
uses: github/codeql-action/autobuild@v1
|
||||
uses: github/codeql-action/autobuild@v3
|
||||
|
||||
# ℹ️ Command-line programs to run using the OS shell.
|
||||
# 📚 https://git.io/JvXDl
|
||||
@ -67,4 +67,4 @@ jobs:
|
||||
# make release
|
||||
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@v1
|
||||
uses: github/codeql-action/analyze@v3
|
50
.github/workflows/docker-analyze.yaml
vendored
Normal file
50
.github/workflows/docker-analyze.yaml
vendored
Normal file
@ -0,0 +1,50 @@
|
||||
name: Docker-Analyze
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: "0 0 * * *" # Daily at midnight UTC
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
trigger-build:
|
||||
description: 'Trigger a manual build and push'
|
||||
default: 'true'
|
||||
|
||||
env:
|
||||
DOCKER_IMAGE: dselen/wgdashboard
|
||||
|
||||
jobs:
|
||||
docker_analyze:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
fail-fast: false
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Log in to Docker Hub
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||||
|
||||
- name: Install Docker Scout
|
||||
run: |
|
||||
echo "Installing Docker Scout..."
|
||||
curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
|
||||
echo "Docker Scout installed successfully."
|
||||
- name: Analyze Docker image with Docker Scout
|
||||
id: analyze-image
|
||||
run: |
|
||||
echo "Analyzing Docker image with Docker Scout..."
|
||||
docker scout cves ${{ env.DOCKER_IMAGE }}:latest > scout-results.txt
|
||||
cat scout-results.txt
|
||||
echo "Docker Scout analysis completed."
|
||||
- name: Fail if critical CVEs are found
|
||||
run: |
|
||||
if grep -q "0C" scout-results.txt; then
|
||||
echo "No critical vulnerabilities found! Continueing."
|
||||
exit 0
|
||||
else
|
||||
echo "At least one critical vulnerabilities found! Exiting."
|
||||
exit 1
|
||||
fi
|
38
.github/workflows/docker-build.yaml
vendored
Normal file
38
.github/workflows/docker-build.yaml
vendored
Normal file
@ -0,0 +1,38 @@
|
||||
name: Docker-Build
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: "0 0 * * *" # Daily at midnight UTC
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
trigger-build:
|
||||
description: 'Trigger a manual build and push'
|
||||
default: 'true'
|
||||
|
||||
env:
|
||||
DOCKER_IMAGE: donaldzou/wgdashboard
|
||||
|
||||
jobs:
|
||||
docker_build:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
fail-fast: false
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Log in to Docker Hub
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Build and export
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
tags: ${{ env.DOCKER_IMAGE }}:latest
|
56
.github/workflows/main.yml
vendored
56
.github/workflows/main.yml
vendored
@ -1,56 +0,0 @@
|
||||
name: Docker Image Build and Analysis
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: "0 0 * * *" # Schedule the workflow to run daily at midnight (UTC time). Adjust the time if needed.
|
||||
workflow_dispatch: # Manual run trigger
|
||||
inputs:
|
||||
trigger-build:
|
||||
description: 'Trigger a manual build and push'
|
||||
default: 'true'
|
||||
|
||||
jobs:
|
||||
build-and-analyze:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Log in to Docker Hub
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
- name: Build Docker image
|
||||
id: build-image
|
||||
run: |
|
||||
echo "Building Docker image..."
|
||||
docker build -t my-app-image:latest .
|
||||
echo "Docker image built successfully."
|
||||
|
||||
- name: Install Docker Scout
|
||||
run: |
|
||||
echo "Installing Docker Scout..."
|
||||
curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
|
||||
echo "Docker Scout installed successfully."
|
||||
|
||||
- name: Analyze Docker image with Docker Scout
|
||||
id: analyze-image
|
||||
run: |
|
||||
echo "Analyzing Docker image with Docker Scout..."
|
||||
docker scout cves my-app-image:latest > scout-results.txt
|
||||
cat scout-results.txt # Print the report to the workflow logs for easy viewing
|
||||
echo "Docker Scout analysis completed."
|
||||
|
||||
- name: Post Comment on Issue or PR
|
||||
run: |
|
||||
COMMENT="**Docker Image Build and Analysis Report**\n\nThe Docker image was built and analyzed successfully.\n\n**Build Summary:**\n- Image Tag: my-app-image:latest\n\n**Analysis Report:**\n\`\`\`\n$(cat scout-results.txt)\n\`\`\`"
|
||||
|
||||
# Post comment using GitHub API
|
||||
curl -X POST \
|
||||
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
|
||||
-H "Accept: application/vnd.github.v3+json" \
|
||||
-d "{\"body\": \"$COMMENT\"}" \
|
||||
"https://api.github.com/repos/NOXCIS/WGDashboard/issues/1/comments" # Replace '1' with the issue or PR number
|
Loading…
Reference in New Issue
Block a user