
Commit 354913b

Update template-docker-cached-build.yml
Signed-off-by: Miłosz Linkiewicz <milosz.linkiewicz@intel.com>
1 parent 17eaa87 commit 354913b


1 file changed

+16
-3
lines changed


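--- a/.github/workflows/template-docker-cached-build.yml
+++ b/.github/workflows/template-docker-cached-build.yml
@@ -72,15 +72,15 @@ jobs:
 security-events: write
 timeout-minutes: 15
 steps:
-- name: "${{ inputs.docker_image_name }} scan: Harden Runner"
+- name: "${{ inputs.docker_image_name }} scan: Harden Runner."
 uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
 with:
 egress-policy: audit
 
 - name: "${{ inputs.docker_image_name }} scan: Checkout repository"
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
-- name: "${{ inputs.docker_image_name }} scan: Scanner Hadolint Dockerfile scan sarif format"
+- name: "${{ inputs.docker_image_name }} scan: Scanner Hadolint Dockerfile scan sarif format."
 uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
 with:
 dockerfile: "${{ env.DOCKER_FILE_PATH }}"
@@ -90,11 +90,17 @@ jobs:
 no-fail: true
 failure-threshold: info
 
-- name: "${{ inputs.docker_image_name }} scan: Scanner Hadolint upload results to Security tab"
+- name: "${{ inputs.docker_image_name }} scan: Scanner Hadolint upload results to Security tab."
 uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
 with:
 sarif_file: "hadolint-${{ env.CONCURRENCY_GROUP }}-${{ env.DOCKER_IMAGE_NAME }}-${{ env.DOCKER_IMAGE_TAG }}.sarif"
 
+- name: "${{ inputs.docker_image_name }} scan: Scanner Hadolint upload results as an artifact."
+uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+with:
+name: "hadolint-${{ env.DOCKER_IMAGE_NAME }}-${{ env.DOCKER_IMAGE_TAG }}"
+path: "hadolint-${{ env.CONCURRENCY_GROUP }}-${{ env.DOCKER_IMAGE_NAME }}-${{ env.DOCKER_IMAGE_TAG }}.sarif"
+
 - name: "${{ inputs.docker_image_name }}: Scanner Hadolint Dockerfile scan tty output"
 if: always()
 uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
@@ -105,6 +111,7 @@ jobs:
 failure-threshold: warning
 
 build-docker-image:
+needs: hadolint-scan-dockerfile
 name: "${{ inputs.docker_image_name }}: Perform build of Dockerfile."
 runs-on: ubuntu-22.04
 permissions:
@@ -188,3 +195,9 @@ jobs:
 uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
 with:
 sarif_file: "${{ env.CONCURRENCY_GROUP }}-${{ env.DOCKER_IMAGE_NAME }}-${{ env.DOCKER_IMAGE_TAG }}.sarif"
+
+- name: "${{ inputs.docker_image_name }}: Scanner Trivy upload results as an artifact."
+uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+with:
+name: "trivy-${{ env.DOCKER_IMAGE_NAME }}-${{ env.DOCKER_IMAGE_TAG }}"
+path: "${{ env.CONCURRENCY_GROUP }}-${{ env.DOCKER_IMAGE_NAME }}-${{ env.DOCKER_IMAGE_TAG }}.sarif"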
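Review bot: The two new `actions/upload-artifact` steps (Hadolint at new lines 98-102, Trivy at new lines 199-203) copy the SARIF reports outside the access control of the Security tab upload they sit next to: code-scanning alerts are limited to users with the relevant repository permission, while run artifacts can be downloaded by anyone with read access to the repository. Neither step sets a retention period, so the reports stay for the repository default; if the Trivy report lists unfixed vulnerabilities of the built image, consider adding `retention-days: <N>` (placeholder, choose the shortest period that serves the purpose) to both steps. Both steps also keep the default `if-no-files-found: warn`, so a scan that wrote no report passes unnoticed; `if-no-files-found: error` would surface it. The artifact `name` drops `env.CONCURRENCY_GROUP`, which the `path` includes; since v4 artifact names must be unique within a run, it is worth confirming that two calls of this template in one run cannot share an image name and tag. The Trivy scan step itself lies outside the hunk, so whether the upload runs after a failed scan cannot be judged from here.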
