pulsarctl/.github/workflows/ci-trivy.yml at 2ebc478f519aaf9e515d4594db7fc4fd61193746 · streamnative/pulsarctl · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
name: Pulsarctl
on:
  pull_request:
    branches:
      - '*'
    path-ignores:
      - 'docs/**'
      - 'README.md'
      - 'CONTRIBUTING.md'

jobs:
  scan-vulnerabilities:
    runs-on: ubuntu-latest
    steps:
      - name: Set up Go 1.25
        uses: actions/setup-go@v1
        with:
          go-version: 1.25
        id: go

      - name: Check out code into the Go module directory
        uses: actions/checkout@v2

      - name: Build
        run: go build .

      - name: Build docker image
        run: docker build -f docker/amd64-linux.Dockerfile -t pulsarctl .

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'pulsarctl:latest'
          format: 'table'
          exit-code: '1'
          severity: "MEDIUM,HIGH,CRITICAL"
          vuln-type: "library"