Bump docker/build-push-action from 4.0.0 to 4.2.1 #31
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Call Trivy | |
| # Example source: https://github.com/BretFisher/github-actions-templates | |
| # THIS IS NOT A TEMPLATE. | |
| # This is just for linting the gha-workflows repo itself. | |
| # We call the reusable workflow from its file path. | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - 'README.md' | |
| - '.github/linters/**' | |
| pull_request: | |
| paths-ignore: | |
| - 'README.md' | |
| - '.github/linters/**' | |
| # cancel any previously-started, yet still active runs of this workflow on the same branch | |
| concurrency: | |
| group: ${{ github.ref }}-${{ github.workflow }} | |
| cancel-in-progress: true | |
| jobs: | |
| scan: | |
| name: Scan | |
| permissions: read-all | |
| uses: ./.github/workflows/reusable-trivy-scan-image.yaml | |
| secrets: | |
| registry-username: ${{ github.actor }} | |
| registry-password: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| ### REQUIRED | |
| ### image to scan | |
| image: 'ghcr.io/mostlydevops/actions:latest' | |
| ### defaults to 0, which doesn't fail job if CVEs are found | |
| ### set to 1 to fail (blocking) if CVEs (of your severities) are found | |
| # exit-code: 0 | |
| ### Comma delimited list of severities to scan for UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL | |
| ### default is HIGH,CRITICAL | |
| # severity: HIGH,CRITICAL | |
| ### Ignore unpatched/unfixed vulnerabilities | |
| ### defaults to true | |
| # ignore-unfixed: true | |
| ### Upload scan results to GitHub Security tab | |
| ### defaults to false | |
| # upload-results: false |