-
Notifications
You must be signed in to change notification settings - Fork 23
102 lines (89 loc) · 2.95 KB
/
trivy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# Copyright 2022, 2024, Oracle Corporation and/or its affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at
# http://oss.oracle.com/licenses/upl.
# ---------------------------------------------------------------------------
# Coherence Operator GitHub Actions Backwards Compatibility Tests.
# ---------------------------------------------------------------------------
name: Trivy Image Scan
on:
workflow_dispatch:
schedule:
- cron: '0 0 * * *'
push:
branches-ignore:
- gh-pages
- 1.0.0
- 2.x
- 3.x
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
# This step will free up disc space on the runner by removing
# lots of things that we do not need.
- name: disc
shell: bash
run: |
echo "Listing 100 largest packages"
dpkg-query -Wf '${Installed-Size}\t${Package}\n' | sort -n | tail -n 100
df -h
echo "Removing large packages"
sudo apt-get remove -y '^dotnet-.*' || true
sudo apt-get remove -y '^llvm-.*' || true
sudo apt-get remove -y 'monodoc-http' || true
sudo apt-get remove -y 'php.*' || true
sudo apt-get remove -y azure-cli google-cloud-sdk hhvm google-chrome-stable firefox powershell mono-devel || true
sudo apt-get autoremove -y || true
sudo apt-get clean
df -h
echo "Removing large directories"
rm -rf /usr/share/dotnet/
sudo rm -rf /usr/local/lib/android
df -h
- name: Set up JDK
uses: oracle-actions/setup-java@v1
with:
website: oracle.com
release: 21
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.22.x
- name: Cache Go Modules
uses: actions/cache@v4
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-mods-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-mods-
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Edit DNS Resolve
shell: bash
run: |
sudo chown -R runner:runner /run/systemd/resolve/stub-resolv.conf
sudo echo nameserver 8.8.8.8 > /run/systemd/resolve/stub-resolv.conf
- name: Start KinD Cluster
shell: bash
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
make kind
kubectl version
kubectl get nodes
docker pull gcr.io/distroless/java
docker pull gcr.io/distroless/java11-debian11
docker pull gcr.io/distroless/java17-debian11
- name: Image Scan
shell: bash
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
make trivy-scan