Merge pull request #106 from rancher/dependabot/github_actions/aquase… #64

	on:
	push:
	branches:
	- master
	pull_request:

	name: Build
	jobs:
	build-amd64:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Set the TAG value
	id: get-TAG
	run: \|
	echo "$(make -s log \| grep TAG)" >> "$GITHUB_ENV"
	- name: Build container image
	uses: docker/build-push-action@v6
	with:
	context: .
	push: false
	tags: rancher/hardened-flannel:${{ env.TAG }}-amd64
	file: Dockerfile
	build-args: \|
	TAG=${{ env.TAG }}

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/[email protected]
	with:
	image-ref: rancher/hardened-flannel:${{ env.TAG }}-amd64
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'

	build-arm64:
	runs-on: ubuntu-latest
	steps:
	- name: Check out code
	uses: actions/checkout@v4

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Set the TAG value
	id: get-TAG
	run: \|
	echo "$(make -s log \| grep TAG)" >> "$GITHUB_ENV"
	- name: Build container image
	uses: docker/build-push-action@v6
	with:
	context: .
	push: false
	tags: rancher/hardened-flannel:${{ env.TAG }}-arm64
	file: Dockerfile
	outputs: type=docker
	platforms: linux/arm64
	build-args: \|
	TAG=${{ env.TAG }}

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/[email protected]
	with:
	image-ref: rancher/hardened-flannel:${{ env.TAG }}-arm64
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'

Provide feedback