Skip to content

Bump anchore/scan-action from 4 to 5 in the github-actions group #304

Bump anchore/scan-action from 4 to 5 in the github-actions group

Bump anchore/scan-action from 4 to 5 in the github-actions group #304

Workflow file for this run

name: tests
on:
push:
branches: [master, main]
paths-ignore: ['**.md']
tags-ignore: ['**']
pull_request:
paths-ignore: ['**.md']
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
jobs: # Docs: <https://git.io/JvxXE>
gitleaks:
name: Gitleaks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with: {fetch-depth: 0}
- uses: gacts/gitleaks@v1 # Action page: <https://github.com/gacts/gitleaks>
build-image:
name: Build docker image
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: docker build -f ./Dockerfile --tag curl:local .
- run: docker build -f ./Dockerfile --build-arg "BASE_IMAGE=alpine:latest" --tag curl:local-alpine .
- run: docker save curl:local > ./docker-image.tar
- uses: actions/upload-artifact@v4
with:
name: docker-image
path: ./docker-image.tar
retention-days: 1
scan-image:
name: Scan docker image
runs-on: ubuntu-latest
needs: [build-image]
steps:
- uses: actions/download-artifact@v4
with: {name: docker-image, path: .artifact}
- working-directory: .artifact
run: docker load < docker-image.tar
- uses: anchore/scan-action@v5 # action page: <https://github.com/anchore/scan-action>
with:
image: curl:local
fail-build: true
severity-cutoff: low # negligible, low, medium, high or critical
try-to-use:
name: Use docker image
runs-on: ubuntu-latest
needs: [build-image]
steps:
- uses: actions/download-artifact@v4
with:
name: docker-image
path: .artifact
- name: Prepare image to run
working-directory: .artifact
run: docker load < docker-image.tar
- name: Try to run (github.com)
run: docker run --rm curl:local --fail https://github.com/
- name: Try to run (1.1.1.1)
run: docker run --rm curl:local --fail https://1.1.1.1/
- name: Try to run (ppa.launchpad.net)
run: docker run --rm curl:local --fail http://ppa.launchpad.net/
- name: Should exit with code 1
run: |
docker run --rm curl:local --fail "https://httpbin.org/status/401" || ec=$?
test $ec -eq 1 && echo "all is ok (code = $ec)" || ( echo "Wrong exit code: $ec"; exit 1 )