| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 |
- name: CVE checks docker master
- on:
- workflow_dispatch:
- schedule:
- # * is a special character in YAML so you have to quote this string
- - cron: '0 8 15 * *'
- jobs:
- build-and-test:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: Set up JDK
- uses: actions/setup-java@v3
- with:
- java-version: '17'
- distribution: 'zulu'
- cache: 'maven'
- - name: Build project
- id: build
- run: |
- ./mvnw -B -ntp versions:set -DnewVersion=$GITHUB_SHA
- ./mvnw -B -V -ntp clean package -DskipTests
- export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
- echo "version=${VERSION}" >> $GITHUB_OUTPUT
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v2
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
- - name: Cache Docker layers
- uses: actions/cache@v3
- with:
- path: /tmp/.buildx-cache
- key: ${{ runner.os }}-buildx-${{ github.sha }}
- restore-keys: |
- ${{ runner.os }}-buildx-
- - name: Build docker image
- uses: docker/build-push-action@v4
- with:
- builder: ${{ steps.buildx.outputs.name }}
- context: kafka-ui-api
- platforms: linux/amd64
- push: false
- load: true
- tags: |
- provectuslabs/kafka-ui:${{ steps.build.outputs.version }}
- build-args: |
- JAR_FILE=kafka-ui-api-${{ steps.build.outputs.version }}.jar
- cache-from: type=local,src=/tmp/.buildx-cache
- cache-to: type=local,dest=/tmp/.buildx-cache
- - name: Run CVE checks
- uses: aquasecurity/trivy-action@0.12.0
- with:
- image-ref: "provectuslabs/kafka-ui:${{ steps.build.outputs.version }}"
- format: "table"
- exit-code: "1"
|
