Examples docker images BoM/CVE scan on manual event #135
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (C) 2024 Intel Corporation | |
| # SPDX-License-Identifier: Apache-2.0 | |
| name: Examples docker images BoM/CVE scan on manual event | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| node: | |
| default: "gaudi" | |
| description: "Hardware to run scan" | |
| required: true | |
| type: string | |
| examples: | |
| default: "" | |
| description: 'List of examples to publish "AgentQnA,AudioQnA,ChatQnA,CodeGen,CodeTrans,DocIndexRetriever,DocSum,InstructionTuning,MultimodalQnA,ProductivitySuite,RerankFinetuning,SearchQnA,Translation,VideoQnA,VisualQnA"' | |
| required: false | |
| type: string | |
| images: | |
| default: "" | |
| description: 'List of images to publish "gmcmanager,gmcrouter"' | |
| required: false | |
| type: string | |
| tag: | |
| default: "latest" | |
| description: "Tag for images to scan" | |
| required: true | |
| type: string | |
| trivy_scan: | |
| default: true | |
| description: 'Scan images for CVE' | |
| required: false | |
| type: boolean | |
| permissions: read-all | |
| jobs: | |
| get-image-list: | |
| uses: ./.github/workflows/_get-image-list.yml | |
| with: | |
| examples: ${{ inputs.examples }} | |
| images: ${{ inputs.images }} | |
| trivy-scan-docker: | |
| needs: [get-image-list] | |
| if: ${{ needs.get-image-list.outputs.run_matrix != '' && inputs.trivy_scan }} | |
| strategy: | |
| matrix: ${{ fromJson(needs.get-image-list.outputs.run_matrix) }} | |
| fail-fast: false | |
| uses: ./.github/workflows/_trivy-scan.yml | |
| with: | |
| registry: "opea" | |
| tag: ${{ inputs.tag }} | |
| image: ${{ matrix.image }} | |
| dockerfile: ${{ matrix.dockerfile }} | |
| node: ${{ inputs.node }} | |
| secrets: inherit | |
| upload-artifacts: | |
| needs: [trivy-scan-docker] | |
| runs-on: "docker-build-${{ inputs.node }}" | |
| if: always() | |
| steps: | |
| - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b | |
| with: | |
| name: trivy-scan-${{ inputs.tag }}-${{ github.run_number }} | |
| path: /tmp/scan-${{ inputs.tag }}-${{ github.run_number }}/*-trivy-scan.txt | |
| overwrite: true | |
| - name: Remove Logs | |
| run: rm -rf /tmp/scan-${{ inputs.tag }}-${{ github.run_number }} && rm -rf /tmp/sbom-action-* |