Merge pull request #185 from betadots/fix_security_scanning

enable container scanning again
betadots · Sep 21, 2023 · 05bf740 · 05bf740
2 parents ed89bec + 8d9b52e
commit 05bf740
Showing 1 changed file with 13 additions and 16 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -57,34 +57,31 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
       - name: Build Docker image
         uses: docker/build-push-action@v5
         with:
           context: .
-          # tags: 'ci/hdm:${{ github.sha }}'
-          platforms: linux/amd64
+          tags: 'ci/hdm:${{ github.sha }}'
           push: false
 
-      # - name: Run Trivy vulnerability scanner
-      #   uses: aquasecurity/trivy-action@master
-      #   with:
-      #     image-ref: 'ci/hdm:${{ github.sha }}'
-      #     format: 'sarif'
-      #     output: 'trivy-results.sarif'
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'ci/hdm:${{ github.sha }}'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'
 
-      # - name: Upload Trivy scan results to GitHub Security tab
-      #   uses: github/codeql-action/upload-sarif@v2
-      #   with:
-      #     sarif_file: 'trivy-results.sarif'
   tests:
     needs:
       - shellcheck
       - rubocop
       - unit_tests
+      - build_docker_image
     runs-on: ubuntu-latest
     name: Test suite
     steps: