
Commit c76eba3

authored
Merge pull request #117 from wiremock/better-snyk-scanning
Try and use correct dockerfile & .snyk file in GHA
2 parents 27e02a3 + 7c1b4cb commit c76eba3


3 files changed

+29
-13
lines changed


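--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+
+- package-ecosystem: "docker"
+directory: "/"
+schedule:
+interval: "weekly"
+
+- package-ecosystem: "github-actions"
+directory: "/"
+schedule:
+interval: "weekly"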
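Review bot: The `docker` entry only watches `directory: "/"`, so a Dockerfile kept in a subdirectory is not covered. The workflows changed in this same commit scan `alpine/Dockerfile`, which suggests a second image definition lives under `/alpine`; that is inferred from the workflow arguments and should be confirmed against the repository. Dependabot's docker ecosystem looks in the configured directory rather than recursing, so the Alpine base image would go without update PRs unless a second `package-ecosystem: "docker"` entry with `directory: "/alpine"` and the same weekly schedule is added.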

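--- a/.github/workflows/container-image-scan.yml
+++ b/.github/workflows/container-image-scan.yml
@@ -16,9 +16,11 @@ jobs:
 
 strategy:
 matrix:
-image:
-- ghcr.io/wiremock/wiremock:${{ inputs.image_version }}
-- ghcr.io/wiremock/wiremock:${{ inputs.image_version }}-alpine
+versions:
+- CONTEXT: .
+image: ghcr.io/wiremock/wiremock:${{ inputs.image_version }}
+- CONTEXT: alpine
+image: ghcr.io/wiremock/wiremock:${{ inputs.image_version }}-alpine
 
 steps:
 - uses: actions/checkout@v4
@@ -31,13 +33,13 @@ jobs:
 password: ${{ secrets.GITHUB_TOKEN }}
 
 - name: Pull image to check we've got it
-run: docker pull ${{ matrix.image }}
+run: docker pull ${{ matrix.versions.image }}
 
 - name: Run Snyk to check Docker image for vulnerabilities
 uses: snyk/actions/docker@master
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 with:
-image: ${{ matrix.image }}
+image: ${{ matrix.versions.image }}
 command: test
-args: --file=Dockerfile --severity-threshold=high --fail-on=upgradable --org=f310ee2f-5552-444d-84ee-ec8c44c33adb
+args: --file=${{ matrix.versions.CONTEXT }}/Dockerfile --severity-threshold=high --fail-on=upgradable --org=f310ee2f-5552-444d-84ee-ec8c44c33adb --policy-path=${{ matrix.versions.CONTEXT }}/.snyk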
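Review bot: The new `run: docker pull ${{ matrix.versions.image }}` step expands the expression into the script text before the shell starts, and the image string embeds `inputs.image_version`, so whatever the caller supplies as the version becomes part of the command line rather than an argument. Passing it through the environment keeps it as data: add `env:` with `IMAGE: ${{ matrix.versions.image }}` to the step and change the command to `run: docker pull "$IMAGE"`. The same pattern is in the pull step of .github/workflows/release.yml, where the value comes from the `check-new-version` job output. How `image_version` is declared and who can trigger this workflow lie outside the hunk, so the actual exposure depends on that.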

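--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -57,7 +57,7 @@ jobs:
 - ghcr.io/wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}-alpine
 PLATFORMS:
 - linux/amd64
-
+
 steps:
 
 - name: Set up QEMU
@@ -152,21 +152,23 @@ jobs:
 if: needs.check-new-version.outputs.new_version
 strategy:
 matrix:
-image:
-- wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}
-- wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}-alpine
+versions:
+- CONTEXT: .
+image: wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}
+- CONTEXT: alpine
+image: wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}-alpine
 
 steps:
 - uses: actions/checkout@v4
 
 - name: Pull image to check we've got it
-run: docker pull ${{ matrix.image }}
+run: docker pull ${{ matrix.versions.image }}
 
 - name: Run Snyk to monitor Docker image for vulnerabilities
 uses: snyk/actions/docker@master
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 with:
-image: ${{ matrix.image }}
+image: ${{ matrix.versions.image }}
 command: monitor
-args: --file=Dockerfile --org=f310ee2f-5552-444d-84ee-ec8c44c33adb --project-name=wiremock-docker
+args: --file=${{ matrix.versions.CONTEXT }}/Dockerfile --org=f310ee2f-5552-444d-84ee-ec8c44c33adb --project-name=wiremock-docker --policy-path=${{ matrix.versions.CONTEXT }}/.snyk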
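Review bot: The Snyk step whose `args:` this commit rewrites still runs `uses: snyk/actions/docker@master` with `SNYK_TOKEN` in its environment, so whatever that upstream branch points to at run time executes with the secret. This is an unchanged context line here and in .github/workflows/container-image-scan.yml. Pinning to a full commit SHA, for example `uses: snyk/actions/docker@<full-commit-sha>  # <release-tag>`, fixes the code that runs. As far as I know the `github-actions` Dependabot entry added in this commit only proposes bumps for tag- or SHA-pinned references, not for a branch name. Separately, both matrix legs keep the same `--project-name=wiremock-docker`, which may record the standard and Alpine snapshots under one Snyk project; worth confirming in the Snyk organisation.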
