paspo/docker-glpi
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

switched from drone to gitea actions
All checks were successful
Container Publish / on-success-skip (push) Has been skipped
Details
Container Publish / build-image (arm64) (push) Successful in 17s
Details
Container Publish / build-image (amd64) (push) Successful in 18s
Details
Container Publish / update docker manifest (push) Successful in 18s
Details
Vulnerability Scan / Daily Vulnerability Scan (arm64) (push) Successful in 5s
Details
Vulnerability Scan / Daily Vulnerability Scan (amd64) (push) Successful in 5s
Details

Browse Source
This commit is contained in:
Paolo Asperti
2025-06-08 08:07:28 +02:00
parent 2cb032520a
commit e24e2b3d5b
4 changed files with 113 additions and 157 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
.gitea/workflows/vulnscan.yaml
View File

@@ -1,21 +1,33 @@
---
name: Vulnerability Scan
env:
REGISTRY: docker.asperti.com
REPOSITORY: paspo/glpi
on:
schedule:
- cron: "0 14 * * *"
workflow_dispatch:
workflow_call:
workflow_run:
workflows: [build_and_publish.yaml]
types: [completed]
jobs:
scan:
name: Daily Vulnerability Scan
runs-on: ubuntu-latest
runs-on:
labels: [ubuntu-latest, "arch-${{ matrix.arch }}"]
container:
image: catthehacker/ubuntu:act-latest
strategy:
matrix:
arch: [amd64, arm64]
steps:
- name: Pull docker image
run: docker pull docker.asperti.com/paspo/glpi:latest
run: docker pull ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest
- name: Setup trivy
run: |
@@ -32,7 +44,7 @@ jobs:
- name: Run Trivy vulnerability scanner
id: scan
run: |
trivy --server ${{ secrets.TRIVY_SERVER }} --token ${{ secrets.TRIVY_TOKEN }} image --format json docker.asperti.com/paspo/glpi:latest > trivy-results.json
trivy --server ${{ secrets.TRIVY_SERVER }} --token ${{ secrets.TRIVY_TOKEN }} image --format json ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest > trivy-results.json
# if some vulnerability is found, we fail
- name: check output