Switch to Trivy action for image scanning

WyriHaximus · WyriHaximus · commit dd5444d82669 · 2024-11-15T11:01:32.000+01:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -186,10 +186,14 @@ jobs:
         with:
           name: docker-image-${{ matrix.image }}
           path: ./docker-image
-      - run: docker load --input ./docker-image/image.tar
-        if: contains(matrix.image, 'alpine')
-      - run: make ci-scan-vulnerability
+      - name: Run Trivy vulnerability scanner in tarball mode
         if: contains(matrix.image, 'alpine')
+        uses: aquasecurity/trivy-action@0.28.0
+        with:
+          input: ./docker-image/image.tar
+          format: 'github'
+          exit-code: '1'
+          hide-progress: true
   test:
     name: Testing "${{ matrix.image }}"
     needs:
diff --git a/test-nts.sh b/test-nts.sh
@@ -58,4 +58,4 @@ docker run --rm -t \
     renatomefi/docker-testinfra:5 \
     -m "$TEST_SUITE" --junitxml="/results/php-nts-$DOCKER_TAG.xml" \
     --disable-pytest-warnings \
-    --verbose --hosts="docker://$DOCKER_CONTAINER"
+    --verbose --hosts="docker://$DOCKER_CONTAINER"
diff --git a/test-zts.sh b/test-zts.sh
@@ -58,4 +58,4 @@ docker run --rm -t \
     renatomefi/docker-testinfra:5 \
     -m "$TEST_SUITE" --junitxml="/results/php-zts-$DOCKER_TAG.xml" \
     --disable-pytest-warnings \
-    --verbose --hosts="docker://$DOCKER_CONTAINER"
+    --verbose --hosts="docker://$DOCKER_CONTAINER"
