1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00
kyverno/.github/workflows/images-build.yaml
dependabot[bot] a68b65ce69
chore(deps): bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 (#11410)
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.27.0 to 0.28.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](5681af892c...915b19bbe7)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-16 08:53:09 +02:00

45 lines
1.3 KiB
YAML

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Build images
permissions: {}
on:
pull_request:
branches:
- main
- release-*
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build-images:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Setup caches
uses: ./.github/actions/setup-caches
timeout-minutes: 5
continue-on-error: true
with:
build-cache-key: build-images
- name: Setup build env
uses: ./.github/actions/setup-build-env
timeout-minutes: 10
- name: ko build
run: VERSION=${{ github.ref_name }} make ko-build-all
- name: Trivy Scan Image
uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL,HIGH'
env:
# Trivy is returning TOOMANYREQUESTS
# See: https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2385416577
TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2'