fix: resolve Docker Scout image reference issues

- Use specific SHA-based image tags instead of multi-line tags output
- Add separate Docker Scout steps for push vs pull request workflows
- Use local image reference for PR scanning (local://gitea-mirror:scan)
- Optimize PR builds to single platform (linux/amd64) for faster scanning
- Maintain multi-platform builds for production pushes
Arunavo Ray
2025-06-15 14:38:25 +05:30
parent d1aa8810f7
commit 7f7e510400


@@ -96,10 +96,10 @@ jobs:
uses: docker/build-push-action@v5 uses: docker/build-push-action@v5
with: with:
context: . context: .
platforms: linux/amd64,linux/arm64 platforms: ${{ github.event_name == 'pull_request' && 'linux/amd64' || 'linux/amd64,linux/arm64' }}
push: ${{ github.event_name != 'pull_request' }} push: ${{ github.event_name != 'pull_request' }}
load: ${{ github.event_name == 'pull_request' }} load: ${{ github.event_name == 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }} tags: ${{ github.event_name == 'pull_request' && 'gitea-mirror:scan' || steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha cache-from: type=gha
cache-to: type=gha,mode=max cache-to: type=gha,mode=max
@@ -107,9 +107,24 @@ jobs:
# Docker Scout comprehensive security analysis # Docker Scout comprehensive security analysis
- name: Docker Scout - Vulnerability Analysis & Recommendations - name: Docker Scout - Vulnerability Analysis & Recommendations
uses: docker/scout-action@v1 uses: docker/scout-action@v1
if: github.event_name != 'pull_request'
with: with:
command: cves,recommendations command: cves,recommendations
image: ${{ steps.meta.outputs.tags }} image: ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.SHA }}
sarif-file: scout-results.sarif
summary: true
exit-code: true
only-severities: critical,high
write-comment: true
github-token: ${{ secrets.GITHUB_TOKEN }}
# Docker Scout for Pull Requests (using local image)
- name: Docker Scout - Vulnerability Analysis (PR)
uses: docker/scout-action@v1
if: github.event_name == 'pull_request'
with:
command: cves,recommendations
image: local://gitea-mirror:scan
sarif-file: scout-results.sarif sarif-file: scout-results.sarif
summary: true summary: true
exit-code: true exit-code: true
@@ -123,7 +138,7 @@ jobs:
if: github.event_name == 'pull_request' if: github.event_name == 'pull_request'
with: with:
command: compare command: compare
image: ${{ steps.meta.outputs.tags }} image: ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.SHA }}
to: ${{ env.REGISTRY }}/${{ env.IMAGE }}:latest to: ${{ env.REGISTRY }}/${{ env.IMAGE }}:latest
ignore-unchanged: true ignore-unchanged: true
only-severities: critical,high only-severities: critical,high
@@ -143,7 +158,7 @@ jobs:
if: always() if: always()
with: with:
command: policy command: policy
image: ${{ steps.meta.outputs.tags }} image: ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.SHA }}
exit-code: false exit-code: false
write-comment: true write-comment: true
github-token: ${{ secrets.GITHUB_TOKEN }} github-token: ${{ secrets.GITHUB_TOKEN }}
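Review bot: The compare step still points at the registry image `${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.SHA }}` even though it is gated on `github.event_name == 'pull_request'`, and on that event the build step pushes nothing (`push: ${{ github.event_name != 'pull_request' }}`, `load: true`), so the tag being compared is not in the registry and the step will fail, or at best compare whatever an earlier run may have left under that tag. It should use the image that was just loaded, consistent with the new PR scan step: `image: local://gitea-mirror:scan`. The policy step runs under `if: always()` and hits the same problem on pull requests; one expression keeps both steps correct for either event, e.g. `image: ${{ github.event_name == 'pull_request' && 'local://gitea-mirror:scan' || format('{0}/{1}:{2}', env.REGISTRY, env.IMAGE, env.SHA) }}`. For the push path, scanning by a tag rather than a digest does not guarantee that the bytes Scout analyses are the bytes that were pushed; if the build step has an `id` (its header is outside the hunk), `${{ steps.build.outputs.digest }}` gives an immutable reference. `env.SHA` is not defined in any visible hunk, so it is worth confirming it matches one of the tags metadata-action actually emits, otherwise the push-time scan targets a tag that was never published.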