Switch to Trivy action for image scanning

WyriHaximusNet · Nov 15, 2024 · dd5444d · dd5444d
1 parent 880fc9d
commit dd5444d
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 5 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -186,10 +186,14 @@ jobs:
         with:
           name: docker-image-${{ matrix.image }}
           path: ./docker-image
-      - run: docker load --input ./docker-image/image.tar
-        if: contains(matrix.image, 'alpine')
-      - run: make ci-scan-vulnerability
+      - name: Run Trivy vulnerability scanner in tarball mode
         if: contains(matrix.image, 'alpine')
+        uses: aquasecurity/[email protected]
+        with:
+          input: ./docker-image/image.tar
+          format: 'github'
+          exit-code: '1'
+          hide-progress: true
   test:
     name: Testing "${{ matrix.image }}"
     needs:

diff --git a/test-nts.sh b/test-nts.sh
@@ -58,4 +58,4 @@ docker run --rm -t \
     renatomefi/docker-testinfra:5 \
     -m "$TEST_SUITE" --junitxml="/results/php-nts-$DOCKER_TAG.xml" \
     --disable-pytest-warnings \
-    --verbose --hosts="docker://$DOCKER_CONTAINER"
+    --verbose --hosts="docker://$DOCKER_CONTAINER"
diff --git a/test-zts.sh b/test-zts.sh
@@ -58,4 +58,4 @@ docker run --rm -t \
     renatomefi/docker-testinfra:5 \
     -m "$TEST_SUITE" --junitxml="/results/php-zts-$DOCKER_TAG.xml" \
     --disable-pytest-warnings \
-    --verbose --hosts="docker://$DOCKER_CONTAINER"
+    --verbose --hosts="docker://$DOCKER_CONTAINER"