1 change: 1 addition & 0 deletions actions/ci-dockerized-app-build-push/README.md
@@ -25,6 +25,7 @@
| tag-latest | string | false | | If true add the tag <br>latest |
| tag-length | string | false | `"7"` | The number of chars composing <br>the tag from the short <br>commit sha |
| target | string | false | | The target to build in <br>the image |
| trivy-scan | string | false | `"false"` | Run Trivy vulnerability scanner before <br>pushing the image |
| workload-identity-provider | string | false | | The GCP workload identity provider <br>to login to the registry |

<!-- AUTO-DOC-INPUT:END -->
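Review bot: the new `trivy-scan` description, "Run Trivy vulnerability scanner before pushing the image", reads as if findings gate the push, but the docker-build-push action in this same PR invokes Trivy with `exit-code: '0'`, so CRITICAL/HIGH findings are reported and uploaded as SARIF without failing the step. Since this table is auto-generated, fix the wording at the input's `description` in the action and state the behaviour explicitly, e.g. "Run Trivy (CRITICAL,HIGH) and upload results to the Security tab; findings do not fail the build", so users do not assume a blocking scan they are not getting.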
25 changes: 13 additions & 12 deletions actions/docker-build-push/README.md
@@ -4,18 +4,19 @@

<!-- AUTO-DOC-INPUT:START - Do not remove or modify this section -->

| INPUT | TYPE | REQUIRED | DEFAULT | DESCRIPTION |
|------------|--------|----------|----------|----------------------------------------------------------------------------------------|
| build-args | string | false | | Arguments to build the image |
| cache-from | string | false | | Docker registry |
| cache-to | string | false | | The username to access the <br>registry |
| context | string | false | | The context to build the <br>Dockerfile |
| file | string | false | | The path to the Dockerfile. <br>If not set, it uses <br>the context path. |
| pull | string | false | `"true"` | Enable/disable image pull |
| push | string | false | `"true"` | Enable/disable image push |
| secrets | string | false | | List of secrets to expose <br>to the build (e.g., key=string, GIT\_AUTH\_TOKEN=mytoken) |
| tags | string | true | | The tags of the image |
| target | string | false | | The target to build in <br>the image |
| INPUT | TYPE | REQUIRED | DEFAULT | DESCRIPTION |
|------------|--------|----------|-----------|----------------------------------------------------------------------------------------|
| build-args | string | false | | Arguments to build the image |
| cache-from | string | false | | Docker registry |
| cache-to | string | false | | The username to access the <br>registry |
| context | string | false | | The context to build the <br>Dockerfile |
| file | string | false | | The path to the Dockerfile. <br>If not set, it uses <br>the context path. |
| pull | string | false | `"true"` | Enable/disable image pull |
| push | string | false | `"true"` | Enable/disable image push |
| secrets | string | false | | List of secrets to expose <br>to the build (e.g., key=string, GIT\_AUTH\_TOKEN=mytoken) |
| tags | string | true | | The tags of the image |
| target | string | false | | The target to build in <br>the image |
| trivy-scan | string | false | `"false"` | Run Trivy vulnerability scanner before <br>pushing the image |

<!-- AUTO-DOC-INPUT:END -->

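Review bot: the regenerated table carries over two descriptions that are clearly copy-paste errors: `cache-from` is described as "Docker registry" and `cache-to` as "The username to access the registry", neither of which describes a BuildKit cache source or destination. Since `<!-- AUTO-DOC-INPUT -->` regenerates this block from the action's `description` fields, please correct them in `action.yml` (e.g. "Cache sources for buildx (e.g. type=registry,ref=...)" and "Cache destinations for buildx") so the fix survives the next regeneration rather than editing the README by hand.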
6 changes: 4 additions & 2 deletions actions/docker-build-push/action.yml
@@ -89,17 +89,18 @@ runs:
echo "image-ref=${FIRST_TAG}" >> $GITHUB_OUTPUT
- name: Run Trivy vulnerability scanner
if: ${{ inputs.trivy-scan == 'true' }}
uses: aquasecurity/trivy-action@0.33.1
uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478
with:
image-ref: ${{ steps.trivy-tag.outputs.image-ref }}
format: 'table'
exit-code: '0'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
version: v0.69.2
- name: Run Trivy vulnerability scanner (SARIF)
if: ${{ inputs.trivy-scan == 'true' }}
uses: aquasecurity/trivy-action@0.33.1
uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478
with:
image-ref: ${{ steps.trivy-tag.outputs.image-ref }}
format: 'sarif'
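Review bot: both `uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478` lines replace the `@0.33.1` tag with a full commit SHA, which is the right move against tag re-pointing, but the SHA should carry a trailing version comment so humans and dependency bots can still map it to the release it replaces, e.g. `uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # v0.33.1`. Pinning the scanner binary itself with `version: v0.69.2` is likewise good for reproducible results, but it is now duplicated in two steps; consider hoisting it to a single env value so the two scans cannot drift apart.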
@@ -109,6 +110,7 @@ runs:
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
limit-severities-for-sarif: true
version: v0.69.2
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v4
if: ${{ inputs.trivy-scan == 'true' && always() }}
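Review bot: this hunk SHA-pins the second Trivy step but leaves the immediately following `uses: github/codeql-action/upload-sarif@v4` on a mutable major-version tag, which is inconsistent with the hardening the PR is otherwise doing; the upload step runs with `&& always()` and receives the `security-events` write scope needed for the Security tab, so it deserves the same commit-SHA pin with a `# v4.x.y` comment. Also worth confirming that the two pins are updated together in future, or the SARIF step and the table step will silently run different action versions.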