downgrade golang.org/x/net to v0.30.0 and update Github action #9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, push and scan Docker image | |
| on: | |
| push: | |
| paths: | |
| - "poc-prerequisite/kubescape-sizing-checker/Dockerfile" | |
| - "poc-prerequisite/kubescape-sizing-checker/cmd" | |
| - "poc-prerequisite/kubescape-sizing-checker/pkg" | |
| - "poc-prerequisite/kubescape-sizing-checker/go.mod" | |
| - "poc-prerequisite/kubescape-sizing-checker/go.sum" | |
| workflow_dispatch: | |
| jobs: | |
| build-and-scan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v3 | |
| - name: Log in to Quay.io | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.QUAY_ROBOT_ACCOUNT_NAME }} | |
| password: ${{ secrets.QUAY_ROBOT_ACCOUNT_PASSWORD }} | |
| - name: Set up QEMU (for multi-platform support) | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Build and push multi-platform Docker image | |
| id: build-image | |
| run: | | |
| # Generate a short commit SHA for a unique tag | |
| SHORT_SHA="${GITHUB_SHA:0:7}" | |
| # Create and use a new buildx builder (if needed) | |
| docker buildx create --use | |
| # Build and push multi-architecture images | |
| docker buildx build \ | |
| --platform linux/amd64,linux/arm64 \ | |
| -t quay.io/danvid/kubescape-sizing-checker:latest \ | |
| -t quay.io/danvid/kubescape-sizing-checker:${SHORT_SHA} \ | |
| --push \ | |
| ./poc-prerequisite/kubescape-sizing-checker | |
| - name: Install Kubescape | |
| run: | | |
| curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash | |
| - name: Run Kubescape to scan image | |
| run: | | |
| $HOME/.kubescape/bin/kubescape scan image quay.io/danvid/kubescape-sizing-checker:latest \ | |
| --severity-threshold high \ | |
| --format sarif \ | |
| --output results-image.sarif | |
| - name: Upload image scan results to GitHub Code Scanning | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: results-image.sarif | |
| category: image-scan |