Drop push #99

Merged
merged 12 commits into from
Oct 8, 2024
34 changes: 8 additions & 26 deletions .github/workflows/snyk.yml
Expand Up @@ -4,41 +4,23 @@ on:
push:
branches: [ "main" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "main" ]
schedule:
- cron: '30 22 * * 5'

permissions:
contents: read

jobs:
snyk:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
config:
- {name: base-r}
- {name: base-r-alpine}
name: ${{ matrix.config.name }}
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3.6.1
- name: Build docker image
uses: docker/build-push-action@v6.9.0
with:
context: ./${{ matrix.config.name }}/.
file: ./${{ matrix.config.name }}/Dockerfile
push: false
tags: rapporteket/${{ matrix.config.name }}
cache-from: type=gha
cache-to: type=gha,mode=max
run: docker build -t ${{ matrix.config.name }} -f ./${{ matrix.config.name }}/Dockerfile ./${{ matrix.config.name }}
- name: Run Snyk to check Docker image for vulnerabilities
# Snyk can be used to break the build when it detects vulnerabilities.
# In this case we want to upload the issues to GitHub Code Scanning
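Review bot: replacing the `docker/build-push-action@v6.9.0` step with the bare `run: docker build -t ${{ matrix.config.name }} -f ./${{ matrix.config.name }}/Dockerfile ./${{ matrix.config.name }}` line drops the `cache-from: type=gha` / `cache-to: type=gha,mode=max` layer cache, so each matrix job now rebuilds both images from scratch on every push, pull request and weekly cron run; if the cache was removed deliberately, say so in the PR description, otherwise `docker build` alone cannot reuse the GHA cache. Please also confirm that the `Set up Docker Buildx` step and the `uses:`/`with:` block of the build step are gone together with it, since a step cannot carry both `uses:` and `run:`, and that the job keeps `security-events: write`, which the later `github/codeql-action/upload-sarif@v3` step needs to publish SARIF results.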
Expand All @@ -47,8 +29,8 @@ jobs:
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: rapporteket/${{ matrix.config.name }}
args: --file=${{ matrix.config.name }}/Dockerfile --severity-threshold=critical
image: ${{ matrix.config.name }}
args: --file=${{ matrix.config.name }}/Dockerfile --severity-threshold=high
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
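Review bot: the `image:` value now drops the `rapporteket/` prefix, which matches the new `-t ${{ matrix.config.name }}` tag from the build step, and `--severity-threshold=high` widens the scan from critical-only to high-and-above, so the SARIF uploaded to Code Scanning will contain more findings than before; the step comment above still says the build should not break here, so make sure this step keeps whatever `continue-on-error` setting it had, otherwise the broader threshold will start failing the job before the upload step runs.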
Expand All @@ -60,13 +42,13 @@ jobs:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: monitor
image: rapporteket/${{ matrix.config.name }}
args: --file=${{ matrix.config.name }}/Dockerfile --severity-threshold=critical --org=b034af62-43be-40c7-95e8-fdc56d6f3092
- name: Accept only vulnerability levels below critical
image: ${{ matrix.config.name }}
args: --file=${{ matrix.config.name }}/Dockerfile --severity-threshold=high --org=b034af62-43be-40c7-95e8-fdc56d6f3092
- name: Accept only vulnerability levels below high
continue-on-error: false
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: rapporteket/${{ matrix.config.name }}
args: --file=${{ matrix.config.name }}/Dockerfile --severity-threshold=critical
image: ${{ matrix.config.name }}
args: --file=${{ matrix.config.name }}/Dockerfile --severity-threshold=high
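Review bot: both Snyk steps in this hunk reference `snyk/actions/docker@master`, a mutable branch rather than a tag or commit SHA, so the action that receives `SNYK_TOKEN` and runs with Docker access can change without any change to this repository; pin it to a full commit SHA (with the version in a trailing comment, as `github/codeql-action/upload-sarif@v3` and the other actions in this file are already pinned to releases). The renamed `Accept only vulnerability levels below high` step with `continue-on-error: false` is consistent with the new `--severity-threshold=high`, and the hard-coded `--org=b034af62-43be-40c7-95e8-fdc56d6f3092` would read better as a repository variable so the same id is not duplicated across steps.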