fix: reorder steps in Docker workflow and update image reference for … #3

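# Builds the application image on every push and fails the job when Trivy
# reports fixable CRITICAL or HIGH vulnerabilities in it.
name: Docker Build and Trivy Scan

on:
  push:
    branches:
      - '**'

# Least privilege: the job only needs to read the repository. Without this
# block the GITHUB_TOKEN gets the repository/organization default scopes,
# which may include write access.
permissions:
  contents: read

jobs:
  build-and-scan:
    runs-on: ubuntu-latest
    env:
      DOCKER_CONTEXT: .
      DOCKERFILE: Dockerfile
      # Env values reach the steps as strings; quoted to make that explicit.
      DOCKER_LOAD: 'true'
      # The tag carries the commit SHA, so the scan result maps to one commit.
      TAGS: 'sample-python-app:${{ github.sha }}'
    steps:
      # NOTE(review): every `uses:` below references a tag, which is a mutable
      # ref. Pin each action to the full-length commit SHA of the reviewed
      # release (keep the version as a trailing comment) so a re-pointed tag
      # cannot change what runs in this job.
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # No later step talks to the remote, so the token is not kept around
          # for the build and scan steps.
          persist-credentials: false

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3.7.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3.12.0

      - name: Build Docker Image
        id: build-image
        uses: docker/build-push-action@v6
        with:
          context: ${{ env.DOCKER_CONTEXT }}
          file: ${{ env.DOCKERFILE }}
          # Load the result into the runner's Docker daemon (nothing is pushed)
          # so the scan step can resolve the tag locally.
          load: ${{ env.DOCKER_LOAD }}
          tags: ${{ env.TAGS }}

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.33.1
        with:
          # Must match the tag produced by the build step above.
          image-ref: ${{ env.TAGS }}
          format: 'table'
          # A non-zero exit code turns findings into a failed job (the gate).
          exit-code: '1'
          # Findings without an available fix do not fail the gate and are not
          # listed; track those separately if they matter for this image.
          ignore-unfixed: true
          vuln-type: 'os,library'
          # MEDIUM and lower severities are not reported by this gate.
          severity: 'CRITICAL,HIGH'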