diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index ce54d4c..a820687 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -31,31 +31,6 @@ on: default: "[ 'self-hosted', 'ubuntu-focal' ]" required: false - # Trivy Options - trivy: - type: boolean - required: false - default: true - description: Enable trivy image vulnerability check - - trivy-exit-code: - type: number - required: false - default: 0 - description: Exit code when vulnerabilities were found - - trivy-severity: - type: string - required: false - default: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL - description: severities of vulnerabilities to be displayed (comma separated) - - trivy-format: - type: string - required: false - default: table - description: How to display the results - secrets: username: required: true @@ -100,34 +75,12 @@ jobs: password: ${{ secrets.password }} - name: Build Docker images - if: ${{ inputs.trivy }} uses: docker/build-push-action@v3 with: - load: true + push: true file: ${{ inputs.file }} tags: ${{ steps.meta.outputs.tags }} cache-to: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache,mode=max cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache build-args: ${{ inputs.build-args }} secrets: ${{ secrets.build-secrets }} - - - name: Run Trivy vulnerability scanner - if: ${{ inputs.trivy }} - uses: aquasecurity/trivy-action@master - with: - image-ref: ${{ fromJson(steps.meta.outputs.json).tags[0] }} - format: ${{ inputs.format }} - exit-code: ${{ inputs.exit-code }} - severity: ${{ inputs.severity }} - - - name: Build Docker images - if: ${{ inputs.trivy }} - uses: docker/build-push-action@v3 - with: - load: true - file: ${{ inputs.file }} - tags: ${{ steps.meta.outputs.tags }} - cache-to: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache - cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache - build-args: ${{ inputs.build-args }} - secrets: ${{ secrets.build-secrets }}