Wip: pipelines

containerscrew · Aug 13, 2024 · 79f6513 · 79f6513
1 parent 9f4376f
commit 79f6513
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 18 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -69,6 +69,7 @@ env:
 
 jobs:
   build:
+    name: build
     runs-on: ubuntu-latest
     steps:
       - name: Set up QEMU
@@ -96,21 +97,25 @@ jobs:
         with:
           platforms: linux/amd64,linux/arm64
           push: false
-          tags: test/test:latest
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: '${{env.REPOSITORY}}:${{env.IMAGE_TAG}}'
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-          vuln-type: 'os,library'
-          ignore-unfixed: false
-        env:
-          TRIVY_USERNAME: ${{ secrets.DOCKERHUB_AUTH_USERNAME }}
-          TRIVY_PASSWORD: ${{ secrets.DOCKERHUB_AUTH_TOKEN }}
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: 'trivy-results.sarif'
+          tags: ${{ env.REPOSITORY }}:latest,${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }}
+  sec:
+      name: sec
+      runs-on: ubuntu-latest
+      needs: build
+      steps:
+        - name: Run Trivy vulnerability scanner
+          uses: aquasecurity/trivy-action@master
+          with:
+            image-ref: '${{env.REPOSITORY}}:${{env.IMAGE_TAG}}'
+            format: 'sarif'
+            output: 'trivy-results.sarif'
+            vuln-type: 'os,library'
+            ignore-unfixed: false
+          env:
+            TRIVY_USERNAME: ${{ secrets.DOCKERHUB_AUTH_USERNAME }}
+            TRIVY_PASSWORD: ${{ secrets.DOCKERHUB_AUTH_TOKEN }}
+
+        - name: Upload Trivy scan results to GitHub Security tab
+          uses: github/codeql-action/upload-sarif@v3
+          with:
+            sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml
@@ -2,6 +2,8 @@ name: Hadolint 👀
 
 on:
   push:
+    paths:
+      - Dockerfile
     branches:
       - '*'
     tags: