Mercurial > p > roundup > code
comparison .github/workflows/anchore.yml @ 7728:a17d0abfb212
chore: update to latest actions
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sun, 28 Jan 2024 22:39:36 -0500 |
| parents | d88bdaeecbec |
| children | 85c47edfc383 |
comparison
equal
deleted
inserted
replaced
| 7727:47eb57f73d88 | 7728:a17d0abfb212 |
|---|---|
| 35 security-events: write # for github/codeql-action/upload-sarif to upload SARIF results | 35 security-events: write # for github/codeql-action/upload-sarif to upload SARIF results |
| 36 actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status | 36 actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status |
| 37 runs-on: ubuntu-latest | 37 runs-on: ubuntu-latest |
| 38 steps: | 38 steps: |
| 39 - name: Checkout the code | 39 - name: Checkout the code |
| 40 uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | 40 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 |
| 41 - name: Build the Docker image | 41 - name: Build the Docker image |
| 42 run: docker pull python:3-alpine; docker build . --file scripts/Docker/Dockerfile --tag localbuild/testimage:latest | 42 run: docker pull python:3-alpine; docker build . --file scripts/Docker/Dockerfile --tag localbuild/testimage:latest |
| 43 - name: List the Docker image | 43 - name: List the Docker image |
| 44 run: docker image ls | 44 run: docker image ls |
| 45 - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled | 45 - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled |
| 46 uses: anchore/scan-action@24fd7c9060f3c96848dd1929fac8d796fb5ae4b4 # v3.3.6 | 46 uses: anchore/scan-action@c35e932c2a7c572bfdb1c3dbcdadb2d4fc62418d # 3.6.1 |
| 47 id: scan | 47 id: scan |
| 48 with: | 48 with: |
| 49 image: "localbuild/testimage:latest" | 49 image: "localbuild/testimage:latest" |
| 50 fail-build: true | 50 fail-build: true |
| 51 - name: Upload Anchore Scan Report | 51 - name: Upload Anchore Scan Report |
| 52 if: always() | 52 if: always() |
| 53 uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a | 53 uses: github/codeql-action/upload-sarif@65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 # v2.16.1 |
| 54 # v2.13.4 | |
| 55 with: | 54 with: |
| 56 sarif_file: ${{ steps.scan.outputs.sarif }} | 55 sarif_file: ${{ steps.scan.outputs.sarif }} |
| 57 - name: Inspect action SARIF report | 56 - name: Inspect action SARIF report |
| 58 if: always() | 57 if: always() |
| 59 run: cat ${{ steps.scan.outputs.sarif }} | 58 run: cat ${{ steps.scan.outputs.sarif }} |