1+ name : Docker PR Build
2+
3+ on :
4+ pull_request :
5+ branches : [main]
6+ workflow_dispatch :
7+
8+ jobs :
9+ docker :
10+ runs-on : ubuntu-latest
11+ steps :
12+ - uses : actions/checkout@v3
13+ with :
14+ fetch-depth : 0
15+
16+ - name : Set up QEMU
17+ uses : docker/setup-qemu-action@v2
18+
19+ - name : Set up Docker Buildx
20+ id : buildx
21+ uses : docker/setup-buildx-action@v2
22+
23+ # Builds the full Dockerfile, including the SBOM stage that runs
24+ # `trivy sbom ... --exit-code 1`. The build fails if trivy installation
25+ # breaks or any UNKNOWN/HIGH/CRITICAL dependency CVE is present.
26+ # No push: this only validates that the image builds and passes the
27+ # trivy vulnerability gate.
28+ - name : Build (incl. trivy SBOM gate)
29+ uses : docker/build-push-action@v4
30+ with :
31+ context : ./
32+ file : ./Dockerfile
33+ builder : ${{ steps.buildx.outputs.name }}
34+ push : false
35+ load : false
36+ platforms : linux/amd64
37+ cache-from : type=registry,ref=ghcr.io/${{ github.repository }}:buildcache
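Review bot: The trivy gate that the comment on lines 23-27 relies on can be silently bypassed by the `cache-from` on the last line: BuildKit keys `RUN` layers on their inputs, not on time, so the `trivy sbom ... --exit-code 1` layer will be served from the registry cache whenever the SBOM stage's inputs are unchanged, and a CVE published after that cache entry was written will not fail a PR build. Exempt that stage from cache reuse with `no-cache-filters: <sbom-stage-name>` under `with:` (or `no-cache: true` if the savings on the other stages do not matter), and since this workflow never sets `cache-to`, confirm which job is responsible for refreshing the `:buildcache` ref. The workflow also declares no `permissions:` block, so the job inherits the repository's default token scope; a build-only job that never pushes needs only `permissions: contents: read` at the top level. Finally, the four actions are referenced by mutable tags (`@v3`, `@v2`, `@v4`); pinning each to a full commit SHA with a trailing `# vX` comment removes the tag-retargeting supply-chain risk for a job that runs on every pull request.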