mirror of
https://github.com/ditkrg/build-image-workflow.git
synced 2026-01-22 22:36:43 +00:00
Try to fix cache?
This commit is contained in:
parent
1e506a26a5
commit
936d4772b2
49
.github/workflows/workflow.yaml
vendored
49
.github/workflows/workflow.yaml
vendored
@ -31,31 +31,6 @@ on:
|
|||||||
default: "[ 'self-hosted', 'ubuntu-focal' ]"
|
default: "[ 'self-hosted', 'ubuntu-focal' ]"
|
||||||
required: false
|
required: false
|
||||||
|
|
||||||
# Trivy Options
|
|
||||||
trivy:
|
|
||||||
type: boolean
|
|
||||||
required: false
|
|
||||||
default: true
|
|
||||||
description: Enable trivy image vulnerability check
|
|
||||||
|
|
||||||
trivy-exit-code:
|
|
||||||
type: number
|
|
||||||
required: false
|
|
||||||
default: 0
|
|
||||||
description: Exit code when vulnerabilities were found
|
|
||||||
|
|
||||||
trivy-severity:
|
|
||||||
type: string
|
|
||||||
required: false
|
|
||||||
default: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
|
|
||||||
description: severities of vulnerabilities to be displayed (comma separated)
|
|
||||||
|
|
||||||
trivy-format:
|
|
||||||
type: string
|
|
||||||
required: false
|
|
||||||
default: table
|
|
||||||
description: How to display the results
|
|
||||||
|
|
||||||
secrets:
|
secrets:
|
||||||
username:
|
username:
|
||||||
required: true
|
required: true
|
||||||
@ -100,34 +75,12 @@ jobs:
|
|||||||
password: ${{ secrets.password }}
|
password: ${{ secrets.password }}
|
||||||
|
|
||||||
- name: Build Docker images
|
- name: Build Docker images
|
||||||
if: ${{ inputs.trivy }}
|
|
||||||
uses: docker/build-push-action@v3
|
uses: docker/build-push-action@v3
|
||||||
with:
|
with:
|
||||||
load: true
|
push: true
|
||||||
file: ${{ inputs.file }}
|
file: ${{ inputs.file }}
|
||||||
tags: ${{ steps.meta.outputs.tags }}
|
tags: ${{ steps.meta.outputs.tags }}
|
||||||
cache-to: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache,mode=max
|
cache-to: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache,mode=max
|
||||||
cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache
|
cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache
|
||||||
build-args: ${{ inputs.build-args }}
|
build-args: ${{ inputs.build-args }}
|
||||||
secrets: ${{ secrets.build-secrets }}
|
secrets: ${{ secrets.build-secrets }}
|
||||||
|
|
||||||
- name: Run Trivy vulnerability scanner
|
|
||||||
if: ${{ inputs.trivy }}
|
|
||||||
uses: aquasecurity/trivy-action@master
|
|
||||||
with:
|
|
||||||
image-ref: ${{ fromJson(steps.meta.outputs.json).tags[0] }}
|
|
||||||
format: ${{ inputs.format }}
|
|
||||||
exit-code: ${{ inputs.exit-code }}
|
|
||||||
severity: ${{ inputs.severity }}
|
|
||||||
|
|
||||||
- name: Build Docker images
|
|
||||||
if: ${{ inputs.trivy }}
|
|
||||||
uses: docker/build-push-action@v3
|
|
||||||
with:
|
|
||||||
load: true
|
|
||||||
file: ${{ inputs.file }}
|
|
||||||
tags: ${{ steps.meta.outputs.tags }}
|
|
||||||
cache-to: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache
|
|
||||||
cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache
|
|
||||||
build-args: ${{ inputs.build-args }}
|
|
||||||
secrets: ${{ secrets.build-secrets }}
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user