-tests scanning

holomekc · Dec 27, 2023 · 9b490f9 · 9b490f9
1 parent b095ea0
commit 9b490f9
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 4 deletions.
diff --git a/.github/workflows/docker-image-scan.yml b/.github/workflows/docker-image-scan.yml
@@ -3,9 +3,11 @@ on:
   workflow_dispatch:
 
 jobs:
-  build:
+  scan:
     name: Build
     runs-on: ubuntu-latest
+    outputs:
+      result: ${{ steps.trivy-result.outputs.result }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
@@ -50,4 +52,15 @@ jobs:
       - name: Check result
         id: trivy-result
         run: |
-          cat result.json
+          jq -e 'select((.Results[].Vulnerabilities | length) > 0)' result.json && code=$? || code=$?
+          echo "result=${code}" >> $GITHUB_OUTPUT
+
+  docker:
+    needs: [scan]
+    if: jobs.scan.outputs.result != 0
+    uses: ./docker-release.yml
+    with:
+      version: ${{ needs.build.outputs.version }}
+    secrets:
+      dockerUsername: ${{ secrets.DOCKERHUB_USERNAME }}
+      dockerToken: ${{ secrets.DOCKERHUB_TOKEN }}
diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml
@@ -71,5 +71,5 @@ jobs:
           timeout 10 bash -c 'while ! curl --fail http://localhost:8080/__admin/webapp/files; do sleep 1; done'
           docker container rm -f test
 
-      - name: Push wiremock-gui image to Docker HUB
-        run: docker buildx build ${{ matrix.versions.CONTEXT }} --tag ${{ join(matrix.versions.IMAGES, ' --tag ') }} --build-arg WIREMOCK_VERSION=${{ inputs.version }} --platform ${{ matrix.versions.PLATFORMS }} --push
+#      - name: Push wiremock-gui image to Docker HUB
+#        run: docker buildx build ${{ matrix.versions.CONTEXT }} --tag ${{ join(matrix.versions.IMAGES, ' --tag ') }} --build-arg WIREMOCK_VERSION=${{ inputs.version }} --platform ${{ matrix.versions.PLATFORMS }} --push