Bump anchore/scan-action from 4 to 5 in the github-actions group #304
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: tests | |
on: | |
push: | |
branches: [master, main] | |
paths-ignore: ['**.md'] | |
tags-ignore: ['**'] | |
pull_request: | |
paths-ignore: ['**.md'] | |
concurrency: | |
group: ${{ github.ref }} | |
cancel-in-progress: true | |
jobs: # Docs: <https://git.io/JvxXE> | |
gitleaks: | |
name: Gitleaks | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: {fetch-depth: 0} | |
- uses: gacts/gitleaks@v1 # Action page: <https://github.com/gacts/gitleaks> | |
build-image: | |
name: Build docker image | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- run: docker build -f ./Dockerfile --tag curl:local . | |
- run: docker build -f ./Dockerfile --build-arg "BASE_IMAGE=alpine:latest" --tag curl:local-alpine . | |
- run: docker save curl:local > ./docker-image.tar | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: docker-image | |
path: ./docker-image.tar | |
retention-days: 1 | |
scan-image: | |
name: Scan docker image | |
runs-on: ubuntu-latest | |
needs: [build-image] | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: {name: docker-image, path: .artifact} | |
- working-directory: .artifact | |
run: docker load < docker-image.tar | |
- uses: anchore/scan-action@v5 # action page: <https://github.com/anchore/scan-action> | |
with: | |
image: curl:local | |
fail-build: true | |
severity-cutoff: low # negligible, low, medium, high or critical | |
try-to-use: | |
name: Use docker image | |
runs-on: ubuntu-latest | |
needs: [build-image] | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: docker-image | |
path: .artifact | |
- name: Prepare image to run | |
working-directory: .artifact | |
run: docker load < docker-image.tar | |
- name: Try to run (github.com) | |
run: docker run --rm curl:local --fail https://github.com/ | |
- name: Try to run (1.1.1.1) | |
run: docker run --rm curl:local --fail https://1.1.1.1/ | |
- name: Try to run (ppa.launchpad.net) | |
run: docker run --rm curl:local --fail http://ppa.launchpad.net/ | |
- name: Should exit with code 1 | |
run: | | |
docker run --rm curl:local --fail "https://httpbin.org/status/401" || ec=$? | |
test $ec -eq 1 && echo "all is ok (code = $ec)" || ( echo "Wrong exit code: $ec"; exit 1 ) |