Skip to content

dep: update to fix Symfony CVE #86

dep: update to fix Symfony CVE

dep: update to fix Symfony CVE #86

Workflow file for this run

name: 📦 Create and publish release Docker image
on:
push:
branches: [ release ]
workflow_dispatch:
# build and deploy automatically once a month
schedule:
- cron: "7 0 1 * *"
env:
IMAGE_NAME: pbeke/qownnotes-api
IMAGE_TAG: latest-v3
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
-
name: Set up QEMU
uses: docker/setup-qemu-action@v1
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push
id: docker_build
uses: docker/build-push-action@v2
with:
push: true
tags: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
-
name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
with:
image-ref: '${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}'
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif'
severity: 'CRITICAL,HIGH'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'