Skip to content

Merge pull request #706 from evemonk/dependabot/bundler/net-ssh-7.2.1 #767

Merge pull request #706 from evemonk/dependabot/bundler/net-ssh-7.2.1

Merge pull request #706 from evemonk/dependabot/bundler/net-ssh-7.2.1 #767

Workflow file for this run

name: Docker
on:
push:
branches:
- main
tags:
- "v*.*.*"
schedule:
- cron: "0 21 * * 6"
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Docker meta
id: meta
uses: docker/metadata-action@9dc751fe249ad99385a2583ee0d084c400eee04e # v5.4.0
with:
images: biow0lf/evemonk-pg-extras
- name: Login to Docker Hub
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
- name: Build and push
id: docker_build
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with:
pull: true
push: true
no-cache: true
# platforms: linux/amd64,linux/arm64
platforms: linux/amd64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 # master
with:
image-ref: "docker.io/biow0lf/evemonk-pg-extras:main"
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL,HIGH"