Bump bridgecrewio/checkov-action from 12.2352.0 to 12.2414.0 #133
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time | |
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven | |
name: Java CI with Maven | |
on: | |
push: | |
branches: [ "main" ] | |
pull_request: | |
branches: [ "main" ] | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: maven | |
- name: Build with Maven | |
run: mvn -B package --file pom.xml | |
- name: Lint API spec | |
uses: stoplightio/[email protected] | |
with: | |
spectral_ruleset: 'greetings.spectral.yml' | |
file_glob: 'src/main/resources/oas3.yaml' | |
- name: Lint Dockerfile using Checkov | |
id: checkov | |
uses: bridgecrewio/[email protected] | |
with: | |
directory: . | |
framework: dockerfile # only ask for dockerfile scans | |
quiet: true # show only failed checks | |
container_user: 1000 # UID to run the container under to prevent permission issues | |
output_format: github_failed_only | |
skip_check: CKV_DOCKER_2,CKV_DOCKER_3 | |
docker_build_and_push: | |
name: Docker Build and Push | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Extract Docker metadata for Docker Hub | |
id: meta_dockerhub | |
uses: docker/metadata-action@v4 | |
with: | |
images: shanelee007/api-first-demo | |
# tags: | | |
# type=semver,pattern={{version}},value=${{ inputs.version }} | |
# type=semver,pattern={{major}}.{{minor}},value=${{ inputs.version }} | |
# type=semver,pattern={{major}},value=${{ inputs.version }} | |
# type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }} | |
flavor: | | |
latest=true | |
# - name: Compute final image tags | |
# id: tags | |
# run: echo 'tags=${{ steps.meta_dockerhub.outputs.tags }}' >> $GITHUB_OUTPUT | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Log in to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v4 | |
with: | |
context: . | |
platforms: linux/amd64,linux/arm64 # also support the new mac architecture (requires buildx) | |
# push: true | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta_dockerhub.outputs.tags }} | |
labels: ${{ steps.meta_dockerhub.outputs.labels }} | |
# use layer caching. Don't forget mode=max to also cache the build image | |
# (vs only the final image - mode: min) | |
cache-from: type=gha | |
cache-to: type=gha,mode=max |