Skip to content

Update Dockerfile (#77) #158

Update Dockerfile (#77)

Update Dockerfile (#77) #158

Workflow file for this run

name: Snyk Container
on:
push:
branches: [ "main" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "main" ]
schedule:
- cron: '30 22 * * 5'
permissions:
contents: read
jobs:
snyk:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
config:
- {name: base-r}
name: ${{ matrix.config.name }}
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3.6.1
- name: Build docker image
uses: docker/build-push-action@v6.7.0
with:
context: ./${{ matrix.config.name }}/.
file: ./${{ matrix.config.name }}/Dockerfile
push: false
tags: rapporteket/${{ matrix.config.name }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Run Snyk to check Docker image for vulnerabilities
# Snyk can be used to break the build when it detects vulnerabilities.
# In this case we want to upload the issues to GitHub Code Scanning
continue-on-error: true
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: rapporteket/${{ matrix.config.name }}
args: --file=${{ matrix.config.name }}/Dockerfile --severity-threshold=critical
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif
- name: Monitor image in Snyk UI
continue-on-error: true
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: monitor
image: rapporteket/${{ matrix.config.name }}
args: --file=${{ matrix.config.name }}/Dockerfile --severity-threshold=critical --org=b034af62-43be-40c7-95e8-fdc56d6f3092
- name: Accept only vulnerability levels below critical
continue-on-error: false
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: rapporteket/${{ matrix.config.name }}
args: --file=${{ matrix.config.name }}/Dockerfile --severity-threshold=critical