Skip to content

Validate Docker Image #508

Validate Docker Image

Validate Docker Image #508

name: Validate Docker Image
on:
workflow_dispatch:
inputs:
failure_severity:
description: The severity to fail the workflow if such vulnerability is detected. DO NOT override it unless a Jira ticket is raised.
type: choice
options:
- CRITICAL,HIGH
- CRITICAL,HIGH,MEDIUM
- CRITICAL (DO NOT use if JIRA ticket not raised)
fail_on_error:
description: If true, will fail the build if vulnerabilities are found
required: true
type: boolean
default: true
schedule:
- cron: '0 20 * * *' #every day at 20:00
jobs:
build-publish-docker-default:
uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v2
with:
failure_severity: ${{ inputs.failure_severity || 'CRITICAL,HIGH' }}
fail_on_error: ${{ inputs.fail_on_error || true }}
cloud_provider: 'default'
secrets: inherit
build-publish-docker-aws:
uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v2
with:
failure_severity: ${{ inputs.failure_severity || 'CRITICAL,HIGH' }}
fail_on_error: ${{ inputs.fail_on_error || true }}
cloud_provider: 'aws'
secrets: inherit
needs: [build-publish-docker-default]
build-publish-docker-gcp:
uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v2
with:
failure_severity: ${{ inputs.failure_severity || 'CRITICAL,HIGH' }}
fail_on_error: ${{ inputs.fail_on_error || true }}
cloud_provider: 'gcp'
secrets: inherit
needs: [build-publish-docker-aws]
build-publish-docker-azure:
uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v2
with:
failure_severity: ${{ inputs.failure_severity || 'CRITICAL,HIGH' }}
fail_on_error: ${{ inputs.fail_on_error || true }}
cloud_provider: 'azure'
secrets: inherit
needs: [build-publish-docker-gcp]