-
Notifications
You must be signed in to change notification settings - Fork 28
131 lines (127 loc) · 5.74 KB
/
anchore-analysis.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
name: Anchore Container Scan
on:
schedule:
# launch analysis every day on develop (shall be launch after snapshot build)
- cron: '0 1 * * *'
workflow_dispatch:
permissions:
contents: read
jobs:
Anchore-Build-Scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Pull docker images
run: |
docker pull lfeoperatorfabric/of-cards-consultation-service:SNAPSHOT
docker pull lfeoperatorfabric/of-cards-publication-service:SNAPSHOT
docker pull lfeoperatorfabric/of-users-service:SNAPSHOT
docker pull lfeoperatorfabric/of-businessconfig-service:SNAPSHOT
docker pull lfeoperatorfabric/of-external-devices-service:SNAPSHOT
docker pull lfeoperatorfabric/of-cards-external-diffusion-service:SNAPSHOT
docker pull lfeoperatorfabric/of-cards-reminder:SNAPSHOT
docker pull lfeoperatorfabric/of-supervisor:SNAPSHOT
docker pull lfeoperatorfabric/of-web-ui:SNAPSHOT
- name: Analyse card consultation
uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0
id: scan-cards-consultation
with:
image: "lfeoperatorfabric/of-cards-consultation-service:SNAPSHOT"
fail-build: false
- name: Upload Anchore Scan Report for cards-consultation
uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
with:
sarif_file: ${{ steps.scan-cards-consultation.outputs.sarif }}
category: consultation
- name: Analyse card publication
uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0
id: scan-cards-publication
with:
image: "lfeoperatorfabric/of-cards-publication-service:SNAPSHOT"
fail-build: false
- name: Upload Anchore Scan Report for cards-publication
uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
with:
sarif_file: ${{ steps.scan-cards-publication.outputs.sarif }}
category: publication
- name: Analyse users
uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0
id: scan-users
with:
image: "lfeoperatorfabric/of-users-service:SNAPSHOT"
fail-build: false
- name: Upload Anchore Scan Report for users
uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
with:
sarif_file: ${{ steps.scan-users.outputs.sarif }}
category: users
- name: Analyse businessConfig
uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0
id: scan-businessconfig
with:
image: "lfeoperatorfabric/of-businessconfig-service:SNAPSHOT"
fail-build: false
- name: Upload Anchore Scan Report for businessConfig
uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
with:
sarif_file: ${{ steps.scan-businessconfig.outputs.sarif }}
category: businessconfig
- name: Analyse external-devices
uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0
id: scan-external-devices
with:
image: "lfeoperatorfabric/of-external-devices-service:SNAPSHOT"
fail-build: false
- name: Upload Anchore Scan Report for external devices
uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
with:
sarif_file: ${{ steps.scan-external-devices.outputs.sarif }}
category: external-devices
- name: Analyse web-ui
uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0
id: scan-web-ui
with:
image: "lfeoperatorfabric/of-web-ui:SNAPSHOT"
fail-build: false
- name: Upload Anchore Scan Report for web-ui
uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
with:
sarif_file: ${{ steps.scan-web-ui.outputs.sarif }}
category: web-ui
- name: Analyse external-diffusion
uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0
id: scan-cards-external-diffusion
with:
image: "lfeoperatorfabric/of-cards-external-diffusion-service:SNAPSHOT"
fail-build: false
- name: Upload Anchore Scan Report for external-diffusion
uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
with:
sarif_file: ${{ steps.scan-cards-external-diffusion.outputs.sarif }}
category: external-diffusion
- name: Analyse cards reminder
uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0
id: scan-cards-reminder
with:
image: "lfeoperatorfabric/of-cards-reminder:SNAPSHOT"
fail-build: false
- name: Upload Anchore Scan Report for cards-reminder
uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
with:
sarif_file: ${{ steps.scan-cards-reminder.outputs.sarif }}
category: cards-reminder
- name: Analyse supervisor
uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0
id: scan-supervisor
with:
image: "lfeoperatorfabric/of-supervisor:SNAPSHOT"
fail-build: false
- name: Upload Anchore Scan Report for supervisor
uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
with:
sarif_file: ${{ steps.scan-supervisor.outputs.sarif }}
category: supervisor