Move container scan to second job

NeuroDesk · Mar 21, 2024 · 8cddcb6 · 8cddcb6
1 parent 4eef0e9
commit 8cddcb6
Showing 1 changed file with 27 additions and 10 deletions.
diff --git a/.github/workflows/build-neurodesktop.yml b/.github/workflows/build-neurodesktop.yml
@@ -139,16 +139,6 @@ jobs:
         git tag ${BUILDDATE}
         git push origin -f --tags
         # echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin
-    # - name: Container image scan
-    #   if: ${{ env.ROOTFS_NEW != env.ROOTFS_CACHE || github.event.inputs.force_push == 'true' }}
-    #   uses: aquasecurity/[email protected]
-    #   with:
-    #     image-ref: ${{ env.IMAGEID }}:${{ env.BUILDDATE }}
-    #     format: table
-    #     exit-code: '1'
-    #     severity: CRITICAL
-    #     timeout: 25m0s
-    #     skip-files: /opt/rclone-v1.60.1-linux-amd64/README.txt, /opt/rclone-v1.60.1-linux-amd64/README.html, /opt/rclone-v1.60.1-linux-amd64/rclone.1
     - name: Generate issue on job failure
       if: always() && failure()
       uses: JasonEtco/[email protected]
@@ -162,3 +152,30 @@ jobs:
         filename: .github/job_failure_issue_template.md
         update_existing: true
         search_existing: open
+  scan-image:
+    needs: build-image
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Set environment variables
+        run: |
+          IMAGENAME="neurodesktop"
+          BUILDDATE=`date +%Y-%m-%d`
+          IMAGEID=ghcr.io/$GITHUB_REPOSITORY/$IMAGENAME
+          IMAGEID=$(echo $IMAGEID | tr '[A-Z]' '[a-z]')
+
+          echo "BUILDDATE=$BUILDDATE"
+          echo "IMAGEID=$IMAGEID"
+          echo "IMAGENAME=$IMAGENAME"
+
+          echo "BUILDDATE=$BUILDDATE" >> $GITHUB_ENV
+          echo "IMAGEID=$IMAGEID" >> $GITHUB_ENV
+          echo "IMAGENAME=$IMAGENAME" >> $GITHUB_ENV
+      - name: Container image scan
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: ${{ env.IMAGEID }}:${{ env.BUILDDATE }}
+          format: table
+          exit-code: '1'
+          severity: CRITICAL
+          timeout: 25m0s
+          skip-files: /opt/rclone-v1.60.1-linux-amd64/README.txt, /opt/rclone-v1.60.1-linux-amd64/README.html, /opt/rclone-v1.60.1-linux-amd64/rclone.1