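---
# Builds the operator image for both supported platforms and fails the
# pull request if Trivy finds an unfixed CRITICAL/HIGH vulnerability in
# either image. Nothing is pushed: DOCKER_PUSH=0 in every build step.
name: Scan docker
on: [pull_request]

# Least privilege for GITHUB_TOKEN: the job only checks out the source
# and builds/scans locally, so read access to the repository contents is
# all it needs. Without this block the token inherits the repository's
# default permissions, which may be broader than required.
permissions:
  contents: read

env:
  # Registry host used to tag the locally built images. docker.io is
  # Docker Hub; the images are never pushed by this workflow.
  REGISTRY: docker.io

  # github.repository as <account>/<repo>
  IMAGE_NAME: perconalab/percona-xtradb-cluster-operator

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): third-party actions are pinned to mutable tags here;
      # pinning each `uses:` to a full commit SHA (with the tag in a
      # comment) protects against tag retargeting. The SHAs are not on
      # this page, so the tags are kept as-is.
      - name: Checkout code
        uses: actions/checkout@v4

      # QEMU is needed so the linux/arm64 image can be built on the
      # amd64 runner.
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # The image tag includes the commit SHA and platform so the scan
      # step below references exactly the image built here.
      - name: Build an image from Dockerfile (linux/arm64)
        run: |
          export IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-arm64
          export DOCKER_PUSH=0
          export DOCKER_SQUASH=0
          export DOCKER_DEFAULT_PLATFORM='linux/arm64'
          ./e2e-tests/build

      # exit-code '1' turns any CRITICAL/HIGH finding into a failed
      # check; ignore-unfixed skips findings with no available fix so
      # the gate only blocks on actionable vulnerabilities.
      - name: Run Trivy vulnerability scanner image (linux/arm64)
        uses: aquasecurity/trivy-action@0.16.1
        with:
          image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-arm64'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'

      - name: Build an image from Dockerfile (linux/amd64)
        run: |
          export IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64
          export DOCKER_PUSH=0
          export DOCKER_SQUASH=0
          export DOCKER_DEFAULT_PLATFORM='linux/amd64'
          ./e2e-tests/build

      # Same gate as the arm64 scan above; both platforms must pass.
      - name: Run Trivy vulnerability scanner image (linux/amd64)
        uses: aquasecurity/trivy-action@0.16.1
        with:
          image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'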