Try to fix container scan reference position by moving from step to job (#15)

cybcon · web-flow · commit 26a4daaf41a2 · 2023-06-10T17:46:17.000+02:00
* Try to fix container scan reference position by moving from step to job

* Upgrade workflow version

* Upgrade workflow version

* Upgrade version

* Upgrade workflow versions

* Upgrade workflow versions

* Upgrade workflow version and upload/handover artifact to referenced worflow for vulnerability scans

* Upgrade workflow version

* Upgrade workflow version

* Separate docker export and add job dependency

* load container after build

* Add extra build and export step

* Upgrade workflow versions

* Upgrade upload artifact action

* Upgrade workflow versions
diff --git a/.github/workflows/container-image-build-validation.yaml b/.github/workflows/container-image-build-validation.yaml
@@ -18,13 +18,33 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
       - name: Test build
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v4.1.0
         with:
           push: false
+          load: false
           context: .
           platforms: linux/amd64, linux/arm64
           tags: container-build:test
-      - name: Container vulnerability scan
-        uses: cybcon/github_workflows/.github/workflows/container-vulnerability-scan.yaml@v1.1.1
+      - name: Test build and export for further validation
+        uses: docker/build-push-action@v4.1.0
         with:
-          image: container-build:test
+          push: false
+          load: true
+          context: .
+          tags: container-build:test
+          outputs: type=docker,dest=/tmp/container.tar
+      - name: Upload container image as artifact
+        uses: actions/upload-artifact@v3.1.2
+        with:
+          name: container-build
+          path: /tmp/container.tar
+  scan:
+    name: Container vulnerability scan
+    needs: container-build
+    uses: cybcon/github_workflows/.github/workflows/container-vulnerability-scan.yaml@v1.1.10
+    with:
+      image_name: container-build:test
+      image_artifact_filename: container.tar
+      image_artifact_name: container-build
+      login_dockerhub: false
+      trivy_tag: latest
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
@@ -6,4 +6,4 @@ on:
       - main
 jobs:
   pre-commit:
-    uses: cybcon/github_workflows/.github/workflows/pre-commit.yaml@v1.1.1
+    uses: cybcon/github_workflows/.github/workflows/pre-commit.yaml@v1.1.10
diff --git a/.github/workflows/release-from-label.yaml b/.github/workflows/release-from-label.yaml
@@ -5,4 +5,4 @@ on:
       - closed
 jobs:
   release:
-    uses: cybcon/github_workflows/.github/workflows/release-from-label.yaml@v1.1.1
+    uses: cybcon/github_workflows/.github/workflows/release-from-label.yaml@v1.1.10
diff --git a/.github/workflows/release-label-validation.yaml b/.github/workflows/release-label-validation.yaml
@@ -10,4 +10,4 @@ on:
       - unlabeled
 jobs:
   release-label-validation:
-    uses: cybcon/github_workflows/.github/workflows/release-label-validation.yaml@v1.1.1
+    uses: cybcon/github_workflows/.github/workflows/release-label-validation.yaml@v1.1.10
