54 lines
1.3 KiB
YAML
54 lines
1.3 KiB
YAML
name: Validate Swarm Loadbalancer
|
|
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
|
|
on:
|
|
workflow_call:
|
|
workflow_dispatch:
|
|
workflow_run:
|
|
workflows: ["Build Swarm Loadbalancer"]
|
|
types:
|
|
- completed
|
|
|
|
concurrency:
|
|
group: ${{ github.head_ref || github.run_id }}
|
|
cancel-in-progress: true
|
|
|
|
env:
|
|
CANDIDATE_IMAGE: ghcr.io/benzine-framework/bouncer:build-${{ github.sha }}
|
|
|
|
jobs:
|
|
validate-install-report:
|
|
name: Run Install Report
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: "Post-Build: Validate build"
|
|
shell: bash
|
|
run: |
|
|
docker \
|
|
run \
|
|
--rm \
|
|
${{ env.CANDIDATE_IMAGE }} \
|
|
/usr/bin/install-report
|
|
validate-dive-report:
|
|
name: Run Dive
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
# Use Dive to inspect the image for junk
|
|
- name: "Post-Build: Dive"
|
|
uses: wagoodman/dive@v0.10.0
|
|
with:
|
|
args: ${{ env.CANDIDATE_IMAGE }}
|
|
validate-vulnerability-report:
|
|
name: Run Trivy
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
# Inspect the container for security vulnerabilities
|
|
- name: "Post-Build: Trivy"
|
|
uses: aquasecurity/trivy-action@v0.3.0
|
|
with:
|
|
image-ref: ${{ env.CANDIDATE_IMAGE }}
|
|
format: table
|
|
exit-code: 1
|