Skip to content
Snyk test Docker image

Merge pull request #287 from achaikou/vds-slice-rename #64

Sign in to view logs

Merge pull request #287 from achaikou/vds-slice-rename

Merge pull request #287 from achaikou/vds-slice-rename #64

Workflow file for this run

.github/workflows/snyk.yaml at 67b738a
name: Snyk test Docker image
on:
push:
branches: [main, radix]
workflow_dispatch:
jobs:
# The following secrets are required:
# SNYK_TOKEN : token to run and upload data to snyk
snyk_test:
name: Snyk test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Load openvds image
uses: "./.github/actions/load_openvds_image"
- name: Set docker image tag name for snyk testing
id: set_tag
run: |
tag=$(echo "${{ github.repository }}/docker-image-${{ github.ref_name }}" \
| tr '[:upper:]' '[:lower:]')
echo "DOCKER_IMAGE_TAG=$tag" >> "$GITHUB_ENV"
- name: Build docker image
run: |
docker build \
-f Dockerfile \
--build-arg OPENVDS_IMAGE=${{ env.OPENVDS_IMAGE_TAG }} \
--tag $DOCKER_IMAGE_TAG \
.
- name: Run Snyk to check Docker image for vulnerabilities
id: docker-image-scan
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: monitor
image: $DOCKER_IMAGE_TAG
args:
--file=Dockerfile
--severity-threshold=high
openvds_snyk_monitor:
name: openvds snyk test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Load openvds image
uses: "./.github/actions/load_openvds_image"
- name: Set tag name for openvds snyk monitor
run: |
tag=$(echo "${{ github.repository }}/openvds-source-${{ github.ref_name }}" \
| tr '[:upper:]' '[:lower:]')
echo "OPENVDS_SNYK_PROJECT_TAG=$tag" >> "$GITHUB_ENV"
- name: Build docker image
run: |
docker build \
-f Dockerfile \
--build-arg OPENVDS_IMAGE=${{ env.OPENVDS_IMAGE_TAG }} \
--target openvds_snyk_monitor \
--tag $OPENVDS_SNYK_PROJECT_TAG \
.
- name: Run Snyk to check openvds for vulnerabilities
run: |
docker run \
--env SNYK_TOKEN=${{ secrets.SNYK_TOKEN }} \
--env SNYK_PROJECT_TAG=${{ env.OPENVDS_SNYK_PROJECT_TAG }} \
${{ env.OPENVDS_SNYK_PROJECT_TAG }}