
Commit d110606

authored
chore: enable image scan through anchore (#74)
* chore: enable image scan through anchore * chore: build entire image before doing image scan * chore: fix goreleaser config * chore: enable anchore to fail * chore: remove pull_request event from ci
1 parent 2403de8 commit d110606


2 files changed

+40
-7
lines changed


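--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -1,5 +1,5 @@
 name: Go
-on: [push, pull_request]
+on: [push]
 jobs:
 
 lint:
@@ -39,6 +39,39 @@ jobs:
 - name: Test
 run: go test ./...
 
+image-scan:
+name: Image Scan
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+
+- name: Unshallow
+run: git fetch --prune --unshallow
+
+- name: Set up Go
+uses: actions/setup-go@v1
+with:
+go-version: 1.14
+id: go
+
+- name: Run GoReleaser
+uses: goreleaser/goreleaser-action@v1
+with:
+version: latest
+args: release --rm-dist --skip-validate --skip-publish
+key: ${{ secrets.YOUR_PRIVATE_KEY }}
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Scan image
+uses: anchore/scan-action@master
+with:
+image-reference: "hipages/php-fpm_exporter:latest"
+dockerfile-path: "./Dockerfile"
+fail-build: true
+include-app-packages: true
+
 tag:
 name: Tag
 runs-on: ubuntu-latest
@@ -54,7 +87,7 @@ jobs:
 
 - name: Unshallow
 run: git fetch --prune --unshallow
-
+
 - name: Install semantic-release
 run: yarn global add --no-progress --non-interactive "semantic-release" "@semantic-release/exec"
 
@@ -70,16 +103,16 @@ jobs:
 steps:
 - name: Checkout
 uses: actions/checkout@v2
-
+
 - name: Unshallow
 run: git fetch --prune --unshallow
-
+
 - name: Set up Go
 uses: actions/setup-go@v1
 with:
 go-version: 1.14
 id: go
-
+
 - name: Run GoReleaser
 uses: goreleaser/goreleaser-action@v1
 with: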
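Review bot: The `Scan image` step in the new `image-scan` job uses `anchore/scan-action@master`, a mutable branch ref, so any commit pushed to that branch runs in this workflow unreviewed; pin it to a full commit SHA, e.g. `uses: anchore/scan-action@<full-commit-sha>  # <release tag>`. The preceding `Run GoReleaser` step passes `key: ${{ secrets.YOUR_PRIVATE_KEY }}` even though `--skip-publish` is set; if this build-only run does not need the key, remove that line so the key is not handed to a job that then runs third-party code from a branch head. It is also worth confirming that GoReleaser tags the locally built image as `hipages/php-fpm_exporter:latest`. The goreleaser docker settings are not visible in this hunk, and if it does not, the scanner may be checking a previously published image rather than this build.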

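--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -20,5 +20,5 @@ dockers:
 - "--build-arg=BUILD_DATE={{.Date}}"
 - "--build-arg=VCS_REF={{.FullCommit}}"
 
-archive:
-format: binary
+archives:
+- format: binary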
