✨(ci) add security scan

Add a security scan for CVE with trivy
2024-09-27 16:26:28 +02:00
parent 989239082e
commit 55c0815c31
2 changed files with 16 additions and 2 deletions
--- a/.github/workflows/docker-hub.yml
+++ b/.github/workflows/docker-hub.yml
@@ -1,4 +1,5 @@
 name: Docker Hub Workflow
 run-name: Docker Hub Workflow
 on:
  workflow_dispatch:
@@ -48,9 +49,15 @@ jobs:
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
        run: echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_USER" --password-stdin
      -
        name: Run trivy scan
        uses: numerique-gouv/action-trivy-cache@main
        with:
          docker-build-args: '--target backend-production -f Dockerfile'
          docker-image-name: 'docker.io/lasuite/people-backend:${{ github.sha }}'
      -
        name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          context: .
          target: backend-production
@@ -92,9 +99,15 @@ jobs:
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
        run: echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_USER" --password-stdin
      -
        name: Run trivy scan
        uses: numerique-gouv/action-trivy-cache@main
        with:
          docker-build-args: '-f Dockerfile --target frontend-production'
          docker-image-name: 'docker.io/lasuite/people-frontend:${{ github.sha }}'
      -
        name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          context: .
          target: frontend-production
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,7 @@ and this project adheres to
 ### Added
 - ✨(ci) add security scan #429
 - ✨(teams) register contacts on admin views
 ### Fixed