From 4a4a04900cf191739fd3435bb7f72652d9cc947a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roman=20Kr=C4=8Dek?=
Date: Mon, 7 Oct 2024 13:36:18 +0200
Subject: [PATCH] Add Tricy to CI
---
 .gitea/workflows/release.yml | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml
index 6f9f1b2..9ef7dab 100644
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -31,26 +31,26 @@ jobs:
 needs: test
 steps:
 - name: Checkout code
- uses: https://github.com/actions/checkout@v4
+ uses: actions/checkout@v4
 - name: Get date for image label
 id: date
 run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
 - name: Set up Docker Buildx
- uses: https://github.com/docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@v3
 with:
 driver: docker-container
 - name: Login to Docker Registry
- uses: https://github.com/docker/login-action@v3
+ uses: docker/login-action@v3
 with:
 registry: git.orebolt.cz
 username: ${{ secrets.REGISTRY_USERNAME }}
 password: ${{ secrets.REGISTRY_TOKEN }}
 - name: Build and push image
- uses: https://github.com/docker/build-push-action@v5
+ uses: docker/build-push-action@v5
 with:
 context: .
 push: true
@@ -66,3 +66,15 @@ jobs:
 org.opencontainers.image.vendor=Orebolt.cz
 org.opencontainers.image.ref.name=${{ env.GITHUB_REF }}
 org.opencontainers.image.title=Telegram Downloader
+
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@0.24.0
+ with:
+ image-ref: '${{ vars.DOCKER_IMAGE }}:latest'
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+
+ - name: Upload Trivy scan results Security tab
+ uses: codeql-action/upload-sarif@v2
+ with:
+ sarif_file: 'trivy-results.sarif'
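Review bot: Dropping the `https://github.com/` prefix from the four `uses:` lines in the first hunk leaves the download host to the runner's default (on Gitea, the instance's `DEFAULT_ACTIONS_URL` setting), so the same workflow can fetch different code on a differently configured instance. That matters most for `docker/login-action@v3`, which is handed `secrets.REGISTRY_USERNAME` and `secrets.REGISTRY_TOKEN`. Keeping the absolute URL and pinning to a commit, e.g. `uses: https://github.com/docker/login-action@<full-commit-sha>  # v3`, fixes both the host and the content; a short comment above the steps saying which host is expected would also help. The job these steps belong to starts outside the hunk.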
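Review bot: `uses: codeql-action/upload-sarif@v2` in the last added step of the second hunk parses as owner `codeql-action`, repository `upload-sarif`; the upstream action is published under `github/codeql-action/upload-sarif`, so the reference as written either fails to resolve or fetches from a namespace nobody has vetted. Write it as `uses: github/codeql-action/upload-sarif@<full-commit-sha>`, and confirm the Gitea instance can accept a SARIF upload at all, since that action is built for GitHub's code-scanning endpoint. The Trivy step runs after the image has already been pushed and sets no `exit-code`, so findings never fail the job; adding `exit-code: '1'` and `severity: 'CRITICAL,HIGH'` under `with:` would turn the scan into a gate. It also scans `${{ vars.DOCKER_IMAGE }}:latest`, which is the freshly built image only if the `tags:` list (outside this hunk) pushes that tag.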