fix(deps): update aws-sdk-go-v2 monorepo (#1179) #3724
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Dev Image | |
| permissions: | |
| contents: read # for actions/checkout to check out the repository | |
| id-token: write # for docker/login-action to authenticate to the GitHub Container Registry | |
| packages: write # for docker/build-push-action to push the image to the GitHub Container Registry | |
| security-events: write # for github/codeql-action/upload-sarif to upload SARIF results | |
| actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status | |
| on: | |
| push: | |
| branches: | |
| - '**' | |
| tags-ignore: | |
| - '*' | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - name: Log in to the GitHub Container Registry | |
| uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 | |
| - name: Extract metadata for the Docker image | |
| id: meta | |
| uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6 | |
| with: | |
| images: | | |
| ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=raw,value=dev | |
| - name: Set short Git commit SHA | |
| id: vars | |
| run: | | |
| calculatedSha=$(git rev-parse --short ${{ github.sha }}) | |
| echo "short_sha=$calculatedSha" >> $GITHUB_OUTPUT | |
| - name: Build and export to local Docker | |
| uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 | |
| with: | |
| context: . | |
| build-args: | | |
| APP_VERSION=dev-build.${{ steps.vars.outputs.short_sha }} | |
| push: false | |
| load: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| annotations: ${{ steps.meta.outputs.annotations }} | |
| provenance: false | |
| sbom: false | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 | |
| with: | |
| image-ref: 'ghcr.io/${{ github.repository }}:dev' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| - name: Build and push dev image | |
| uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 | |
| with: | |
| context: . | |
| platforms: linux/amd64 | |
| build-args: | | |
| APP_VERSION=dev-build.${{ steps.vars.outputs.short_sha }} | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| annotations: ${{ steps.meta.outputs.annotations }} | |
| provenance: false | |
| sbom: false | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max |