Mercurial > p > roundup > code
comparison .github/workflows/anchore.yml @ 8336:1357dfcb81eb
chore: update actions to current versions.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 19 Jun 2025 16:14:01 -0400 |
| parents | 85c47edfc383 |
| children | fd72487d0054 |
comparison
equal
deleted
inserted
replaced
| 8335:cf757cd416dc | 8336:1357dfcb81eb |
|---|---|
| 35 security-events: write # for github/codeql-action/upload-sarif to upload SARIF results | 35 security-events: write # for github/codeql-action/upload-sarif to upload SARIF results |
| 36 actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status | 36 actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status |
| 37 runs-on: ubuntu-latest | 37 runs-on: ubuntu-latest |
| 38 steps: | 38 steps: |
| 39 - name: Checkout the code | 39 - name: Checkout the code |
| 40 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | 40 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 |
| 41 - name: Build the Docker image | 41 - name: Build the Docker image |
| 42 run: docker pull python:3-alpine; docker build . --file scripts/Docker/Dockerfile --tag localbuild/testimage:latest | 42 run: docker pull python:3-alpine; docker build . --file scripts/Docker/Dockerfile --tag localbuild/testimage:latest |
| 43 - name: List the Docker image | 43 - name: List the Docker image |
| 44 run: docker image ls | 44 run: docker image ls |
| 45 - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled | 45 - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled |
| 46 uses: anchore/scan-action@c35e932c2a7c572bfdb1c3dbcdadb2d4fc62418d # 3.6.1 | 46 uses: anchore/scan-action@be7a22da4f22dde446c4c4c099887ff5b256526c # 6.3.0 |
| 47 id: scan | 47 id: scan |
| 48 with: | 48 with: |
| 49 image: "localbuild/testimage:latest" | 49 image: "localbuild/testimage:latest" |
| 50 fail-build: true | 50 fail-build: true |
| 51 - name: Upload Anchore Scan Report | 51 - name: Upload Anchore Scan Report |
| 52 if: always() | 52 if: always() |
| 53 uses: github/codeql-action/upload-sarif@65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 # v2.16.1 | 53 uses: github/codeql-action/upload-sarif@b1e4dc3db58c9601794e22a9f6d28d45461b9dbf # v2.22.0 |
| 54 with: | 54 with: |
| 55 sarif_file: ${{ steps.scan.outputs.sarif }} | 55 sarif_file: ${{ steps.scan.outputs.sarif }} |
| 56 - name: Inspect action SARIF report | 56 - name: Inspect action SARIF report |
| 57 if: always() | 57 if: always() |
| 58 run: cat ${{ steps.scan.outputs.sarif }} | 58 run: cat ${{ steps.scan.outputs.sarif }} |