Compare commits
2 Commits
78d3165ff1
...
4a4a04900c
| Author | SHA1 | Date | |
|---|---|---|---|
|
4a4a04900c | ||
|
|
4fbcbbc261 |
6
.dockerignore
Normal file
6
.dockerignore
Normal file
@@ -0,0 +1,6 @@
|
||||
# Ignore everything
|
||||
**
|
||||
|
||||
# Except for
|
||||
!telegram_downloader_bot/
|
||||
!requirements.txt
|
||||
@@ -31,26 +31,26 @@ jobs:
|
||||
needs: test
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: https://github.com/actions/checkout@v4
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Get date for image label
|
||||
id: date
|
||||
run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: https://github.com/docker/setup-buildx-action@v3
|
||||
uses: docker/setup-buildx-action@v3
|
||||
with:
|
||||
driver: docker-container
|
||||
|
||||
- name: Login to Docker Registry
|
||||
uses: https://github.com/docker/login-action@v3
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: git.orebolt.cz
|
||||
username: ${{ secrets.REGISTRY_USERNAME }}
|
||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||
|
||||
- name: Build and push image
|
||||
uses: https://github.com/docker/build-push-action@v5
|
||||
uses: docker/build-push-action@v5
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
@@ -66,3 +66,15 @@ jobs:
|
||||
org.opencontainers.image.vendor=Orebolt.cz
|
||||
org.opencontainers.image.ref.name=${{ env.GITHUB_REF }}
|
||||
org.opencontainers.image.title=Telegram Downloader
|
||||
|
||||
- name: Run Trivy vulnerability scanner
|
||||
uses: aquasecurity/trivy-action@0.24.0
|
||||
with:
|
||||
image-ref: '${{ vars.DOCKER_IMAGE }}:latest'
|
||||
format: 'sarif'
|
||||
output: 'trivy-results.sarif'
|
||||
|
||||
- name: Upload Trivy scan results Security tab
|
||||
uses: codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: 'trivy-results.sarif'
|
||||
|
||||
Reference in New Issue
Block a user