Build

Bump actions/create-github-app-token from 2 to 3 #125

Workflow file for this run

	on:
	push:
	branches:
	- master
	pull_request:

	name: Build
	jobs:
	build-amd64:
	permissions:
	contents: read # read the repository
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v6

	- name: Set the TAG value
	id: get-TAG
	run: \|
	echo "$(make -s log \| grep TAG)" >> "$GITHUB_ENV"

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v4

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v4

	- name: Build container image
	uses: docker/build-push-action@v7
	with:
	context: .
	push: false
	tags: rancher/hardened-containerd:${{ env.TAG }}-amd64
	file: Dockerfile

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@0.35.0
	with:
	image-ref: rancher/hardened-containerd:${{ env.TAG }}-amd64
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	continue-on-error: true

	build-arm64:
	runs-on: ubuntu-latest
	steps:
	- name: Check out code
	uses: actions/checkout@v6

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v4

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v4

	- name: Set the TAG value
	id: get-TAG
	run: \|
	echo "$(make -s log \| grep TAG)" >> "$GITHUB_ENV"

	- name: Build container image
	uses: docker/build-push-action@v7
	with:
	context: .
	push: false
	tags: rancher/hardened-containerd:${{ env.TAG }}-arm64
	file: Dockerfile
	outputs: type=docker
	platforms: linux/arm64
	build-args: \|
	ARCH=arm64

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@0.35.0
	with:
	image-ref: rancher/hardened-containerd:${{ env.TAG }}-arm64
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	continue-on-error: true

	build-windows:
	runs-on: ubuntu-latest
	steps:
	- name: Check out code
	uses: actions/checkout@v6

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v4

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v4

	- name: Set the TAG value
	id: get-TAG
	run: \|
	echo "$(make -s log \| grep TAG)" >> "$GITHUB_ENV"
	- name: Build container image
	uses: docker/build-push-action@v7
	with:
	context: .
	push: false
	tags: rancher/hardened-containerd:${{ env.TAG }}-amd64-windows
	file: Dockerfile.windows
	outputs: type=docker
	platforms: linux/amd64

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@0.35.0
	with:
	image-ref: rancher/hardened-containerd:${{ env.TAG }}-amd64-windows
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	continue-on-error: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump actions/create-github-app-token from 2 to 3 #125

Workflow file

Bump actions/create-github-app-token from 2 to 3 #125

Uh oh!

Workflow file for this run