Merge pull request moby#5223 from crazy-max/ci-scout-scan-alt-tags

crazy-max · web-flow · commit f117efb8c679 · 2024-08-08T14:28:32.000+02:00
ci: missing tags to be scanned with scout
diff --git a/.github/workflows/buildkit.yml b/.github/workflows/buildkit.yml
@@ -216,7 +216,7 @@ jobs:
         run: |
           ./hack/images "${{ needs.prepare.outputs.tag }}" "$IMAGE_NAME" "${{ needs.prepare.outputs.push }}"
         env:
-          RELEASE: ${{ startsWith(github.ref, 'refs/tags/v') }}
+          RELEASE: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v') }}
           TARGET: ${{ matrix.target-stage }}
           CACHE_FROM: type=gha,scope=image${{ matrix.target-stage }}
           CACHE_TO: type=gha,scope=image${{ matrix.target-stage }}
@@ -230,6 +230,12 @@ jobs:
       security-events: write
     needs:
       - image
+    strategy:
+      fail-fast: false
+      matrix:
+        tag:
+          - master
+          - master-rootless
     steps:
       -
         name: Checkout
@@ -247,7 +253,7 @@ jobs:
         with:
           version: ${{ env.SCOUT_VERSION }}
           format: sarif
-          image: registry://${{ env.IMAGE_NAME }}:master
+          image: registry://${{ env.IMAGE_NAME }}:${{ matrix.tag }}
       -
         name: Upload SARIF report
         uses: github/codeql-action/upload-sarif@v3
diff --git a/.github/workflows/frontend.yml b/.github/workflows/frontend.yml
@@ -121,7 +121,7 @@ jobs:
         run: |
           ./frontend/dockerfile/cmd/dockerfile-frontend/hack/release "${{ needs.prepare.outputs.typ }}" "${{ matrix.tag }}" "$IMAGE_NAME" "${{ needs.prepare.outputs.push }}"
         env:
-          RELEASE: ${{ startsWith(github.ref, 'refs/tags/v') }}
+          RELEASE: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v') }}
           CACHE_FROM: type=gha,scope=${{ env.CACHE_SCOPE }}
           CACHE_TO: type=gha,scope=${{ env.CACHE_SCOPE }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -134,6 +134,12 @@ jobs:
       security-events: write
     needs:
       - image
+    strategy:
+      fail-fast: false
+      matrix:
+        tag:
+          - master
+          - master-labs
     steps:
       -
         name: Checkout
@@ -151,7 +157,7 @@ jobs:
         with:
           version: ${{ env.SCOUT_VERSION }}
           format: sarif
-          image: registry://${{ env.IMAGE_NAME }}:master
+          image: registry://${{ env.IMAGE_NAME }}:${{ matrix.tag }}
       -
         name: Upload SARIF report
         uses: github/codeql-action/upload-sarif@v3
