CVE checks docker master #54

	name: CVE checks docker master
	on:
	workflow_dispatch:
	schedule:
	# * is a special character in YAML so you have to quote this string
	- cron: '0 8 15 * *'
	jobs:
	build-and-test:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3

	- name: Set up JDK
	uses: actions/setup-java@v3
	with:
	java-version: '17'
	distribution: 'zulu'
	cache: 'maven'

	- name: Build project
	id: build
	run: \|
	./mvnw -B -ntp versions:set -DnewVersion=$GITHUB_SHA
	./mvnw -B -V -ntp clean package -DskipTests
	export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
	echo "version=${VERSION}" >> $GITHUB_OUTPUT

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v2

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2

	- name: Cache Docker layers
	uses: actions/cache@v3
	with:
	path: /tmp/.buildx-cache
	key: ${{ runner.os }}-buildx-${{ github.sha }}
	restore-keys: \|
	${{ runner.os }}-buildx-

	- name: Build docker image
	uses: docker/build-push-action@v4
	with:
	builder: ${{ steps.buildx.outputs.name }}
	context: kafka-ui-api
	platforms: linux/amd64
	push: false
	load: true
	tags: \|
	provectuslabs/kafka-ui:${{ steps.build.outputs.version }}
	build-args: \|
	JAR_FILE=kafka-ui-api-${{ steps.build.outputs.version }}.jar
	cache-from: type=local,src=/tmp/.buildx-cache
	cache-to: type=local,dest=/tmp/.buildx-cache

	- name: Run CVE checks
	uses: aquasecurity/[email protected]
	with:
	image-ref: "provectuslabs/kafka-ui:${{ steps.build.outputs.version }}"
	format: "table"
	exit-code: "1"

Provide feedback