Skip to content

Commit

Permalink
chore(ci): comment out Trivy due to instability (#119)
Browse files Browse the repository at this point in the history
  • Loading branch information
MSevey authored Oct 31, 2024
1 parent c7b7854 commit 45533fc
Showing 1 changed file with 37 additions and 37 deletions.
74 changes: 37 additions & 37 deletions .github/workflows/reusable_dockerfile_pipeline.yml
Original file line number Diff line number Diff line change
Expand Up @@ -148,50 +148,50 @@ jobs:
echo "Failing step due to build_for_pr == build_for_merge"
exit 1
docker-security:
needs: ["prepare-env", "logic-check"]
runs-on: "ubuntu-latest"
steps:
- name: Checkout
uses: "actions/checkout@v4"
with:
ref: ${{ inputs.checkout_ref }}
# docker-security:
# needs: ["prepare-env", "logic-check"]
# runs-on: "ubuntu-latest"
# steps:
# - name: Checkout
# uses: "actions/checkout@v4"
# with:
# ref: ${{ inputs.checkout_ref }}

- name: Build
uses: docker/build-push-action@v5
env:
OUTPUT_SHORT_SHA: ${{ needs.prepare-env.outputs.output_short_sha }}
OUTPUT_IMAGE_NAME: ${{ needs.prepare-env.outputs.output_image_name }}
with:
context: ${{ inputs.dockerContext}}
push: false
platforms: linux/amd64
# we're building the container before the scan, use the short sha tag
# for referring to it later
tags: ${{ env.OUTPUT_IMAGE_NAME }}:${{ env.OUTPUT_SHORT_SHA }}
file: ${{ inputs.dockerfile }}
# - name: Build
# uses: docker/build-push-action@v5
# env:
# OUTPUT_SHORT_SHA: ${{ needs.prepare-env.outputs.output_short_sha }}
# OUTPUT_IMAGE_NAME: ${{ needs.prepare-env.outputs.output_image_name }}
# with:
# context: ${{ inputs.dockerContext}}
# push: false
# platforms: linux/amd64
# # we're building the container before the scan, use the short sha tag
# # for referring to it later
# tags: ${{ env.OUTPUT_IMAGE_NAME }}:${{ env.OUTPUT_SHORT_SHA }}
# file: ${{ inputs.dockerfile }}

- name: Run Trivy vulnerability scanner
# source: https://github.com/aquasecurity/trivy-action
# https://github.com/marketplace/actions/aqua-security-trivy
uses: aquasecurity/trivy-action@master
env:
OUTPUT_SHORT_SHA: ${{ needs.prepare-env.outputs.output_short_sha }}
OUTPUT_IMAGE_NAME: ${{ needs.prepare-env.outputs.output_image_name }}
with:
# here we use the local tag that we've built before
image-ref: "${{ env.OUTPUT_IMAGE_NAME }}:${{ env.OUTPUT_SHORT_SHA }}"
format: "table"
#exit-code: '1' # uncomment to stop the CI if the scanner fails
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
# - name: Run Trivy vulnerability scanner
# # source: https://github.com/aquasecurity/trivy-action
# # https://github.com/marketplace/actions/aqua-security-trivy
# uses: aquasecurity/trivy-action@master
# env:
# OUTPUT_SHORT_SHA: ${{ needs.prepare-env.outputs.output_short_sha }}
# OUTPUT_IMAGE_NAME: ${{ needs.prepare-env.outputs.output_image_name }}
# with:
# # here we use the local tag that we've built before
# image-ref: "${{ env.OUTPUT_IMAGE_NAME }}:${{ env.OUTPUT_SHORT_SHA }}"
# format: "table"
# #exit-code: '1' # uncomment to stop the CI if the scanner fails
# ignore-unfixed: true
# vuln-type: "os,library"
# severity: "CRITICAL,HIGH"

docker-build:
name: docker-build (${{ matrix.registry.name }}; ${{ matrix.registry.registry-url }}/${{ matrix.registry.registry-owner }}/${{ needs.prepare-env.outputs.output_image_name }})
runs-on: "ubuntu-latest"
# wait until the jobs are finished.
needs: ["prepare-env", "logic-check", "docker-security"]
needs: ["prepare-env", "logic-check"]
# We only want to run this step if one of the build flags is true. We don't
# run if both logic flags are false. This is the case for push events on PR
# commits. The logic-check job protects us from the case of both build flags
Expand Down

0 comments on commit 45533fc

Please sign in to comment.