From bde91d55da6dfbaf29c42881e1ce647aa6e8bed4 Mon Sep 17 00:00:00 2001 From: Laurent Bossavit Date: Wed, 13 Nov 2024 14:21:42 +0100 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8(ci)=20separate=20security=20scan=20fo?= =?UTF-8?q?r=20frontend=20too?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Separate security scan from build-and-push, so we can make it optional in CI; this was the case for the backend but frontend was overlooked… --- .github/workflows/docker-hub.yml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml index 28b4cc6..9df3545 100644 --- a/.github/workflows/docker-hub.yml +++ b/.github/workflows/docker-hub.yml @@ -38,13 +38,21 @@ jobs: id: meta uses: docker/metadata-action@v5 with: - images: lasuite/people-backend + images: | + lasuite/people-backend + lasuite/people-frontend - - name: Run trivy scan + name: Run trivy scan (backend) uses: numerique-gouv/action-trivy-cache@main with: docker-build-args: '--target backend-production -f Dockerfile' docker-image-name: 'docker.io/lasuite/people-backend:${{ github.sha }}' + - + name: Run trivy scan (frontend) + uses: numerique-gouv/action-trivy-cache@main + with: + docker-build-args: '--target frontend-production -f Dockerfile' + docker-image-name: 'docker.io/lasuite/people-frontend:${{ github.sha }}' build-and-push-backend: runs-on: ubuntu-latest @@ -123,12 +131,6 @@ jobs: name: Login to DockerHub if: github.event_name != 'pull_request' run: echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_USER" --password-stdin - - - name: Run trivy scan - uses: numerique-gouv/action-trivy-cache@main - with: - docker-build-args: '-f Dockerfile --target frontend-production' - docker-image-name: 'docker.io/lasuite/people-frontend:${{ github.sha }}' - name: Build and push uses: docker/build-push-action@v6
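Review bot: The added `Run trivy scan (frontend)` step, like the backend step above it, runs `numerique-gouv/action-trivy-cache@main`, a mutable branch ref, so whatever lands on that branch executes in this job on its next run. Pinning both steps to a full commit SHA keeps the scanner itself under review, e.g. `uses: numerique-gouv/action-trivy-cache@<FULL_COMMIT_SHA>  # main` (placeholder; take the SHA from the action's repository). Because the second hunk removes the scan from the frontend build job, also confirm that the build-and-push jobs declare `needs:` on this scan job wherever a failed scan is meant to block the push. The job headers start outside the hunk, so that dependency cannot be checked from here.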