Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 98313bf0e1 | |||
| 70a225152c | |||
| 893dfd4d56 |
@@ -1,13 +1,10 @@
|
||||
name: build-image
|
||||
run-name: build and push Docker-Image
|
||||
run-name: build and push Docker-Image with tag:${{ github.ref_name }}
|
||||
|
||||
on:
|
||||
workflow_dispatch: # Manuelles Auslösen des Workflows
|
||||
inputs:
|
||||
image_tag:
|
||||
description: 'Tag für das Docker-Image z.B. v1.0.0 (latest wird immer mit gebaut)'
|
||||
required: true
|
||||
default: '1.1.0'
|
||||
push:
|
||||
tags:
|
||||
- "*"
|
||||
|
||||
env:
|
||||
image_name: 404_games
|
||||
@@ -42,5 +39,5 @@ jobs:
|
||||
--file ./Dockerfile \
|
||||
--platform linux/amd64,linux/386,linux/arm64,linux/arm/v7 \
|
||||
--tag ${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:latest \
|
||||
--tag ${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ github.event.inputs.image_tag }} \
|
||||
--tag ${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ github.ref_name }} \
|
||||
--push ./
|
||||
|
||||
@@ -22,7 +22,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
container: aquasec/trivy:latest
|
||||
steps:
|
||||
- name: Scan image with trivy
|
||||
- name: Scan linux/amd64-image
|
||||
run: |
|
||||
trivy image \
|
||||
--username ${{ env.user }} \
|
||||
@@ -31,4 +31,65 @@ jobs:
|
||||
--scanners vuln,misconfig,secret \
|
||||
--severity HIGH,CRITICAL \
|
||||
--ignore-unfixed \
|
||||
--platform linux/amd64 \
|
||||
${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
|
||||
- name: Scan linux/386-image
|
||||
run: |
|
||||
trivy image \
|
||||
--username ${{ env.user }} \
|
||||
--password ${{ secrets.DOCKER_PULL_TOKEN }} \
|
||||
--exit-code 1 \
|
||||
--scanners vuln,misconfig,secret \
|
||||
--severity HIGH,CRITICAL \
|
||||
--ignore-unfixed \
|
||||
--platform linux/386 \
|
||||
${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
|
||||
- name: Scan linux/arm64-image
|
||||
run: |
|
||||
trivy image \
|
||||
--username ${{ env.user }} \
|
||||
--password ${{ secrets.DOCKER_PULL_TOKEN }} \
|
||||
--exit-code 1 \
|
||||
--scanners vuln,misconfig,secret \
|
||||
--severity HIGH,CRITICAL \
|
||||
--ignore-unfixed \
|
||||
--platform linux/arm64 \
|
||||
${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
|
||||
- name: Scan linux/arm/v7-image
|
||||
run: |
|
||||
trivy image \
|
||||
--username ${{ env.user }} \
|
||||
--password ${{ secrets.DOCKER_PULL_TOKEN }} \
|
||||
--exit-code 1 \
|
||||
--scanners vuln,misconfig,secret \
|
||||
--severity HIGH,CRITICAL \
|
||||
--ignore-unfixed \
|
||||
--platform linux/arm/v7 \
|
||||
${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
|
||||
|
||||
telegram-notify:
|
||||
needs: trivy_image_scan
|
||||
if: always()
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Telegram Alert
|
||||
run: |
|
||||
case "${{ needs.trivy_image_scan.result }}" in
|
||||
"success") EMOJI="✅"; MSG="OK" ;;
|
||||
"failure") EMOJI="❌"; MSG="WARN!" ;;
|
||||
"cancelled") EMOJI="⏹️"; MSG="Canceled" ;;
|
||||
*) EMOJI="❓"; MSG="Unknown-State: ${{ needs.trivy_image_scan.result }}" ;;
|
||||
esac
|
||||
|
||||
curl -s -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
|
||||
-H 'Content-Type: application/json' \
|
||||
-d "{
|
||||
\"chat_id\": \"${{ secrets.TELEGRAM_CHAT_ID }}\",
|
||||
\"parse_mode\": \"HTML\",
|
||||
\"text\":
|
||||
\"$EMOJI <b>$MSG - Scan ${{ env.image_name }}:${{ env.image_tag }}</b>
|
||||
<i>$(date +"%Y-%m-%d %T")</i>
|
||||
Trivy-Image-Scan of: <b><i>${{ env.image_name }}:${{ env.image_tag }}</i></b>
|
||||
${{ gitea.server_url }}/${{ gitea.repository }}
|
||||
\"
|
||||
}"
|
||||
|
||||
Reference in New Issue
Block a user