update ci

Author: fabien-sanglier-ibm

.github/workflows/ci.yml

@@ -82,37 +82,37 @@ jobs:
         run: |
           curl -o wpm.zip ${{ secrets.WPM_DOWNLOAD_URI }} && unzip wpm.zip
 
-      # Build and push Docker image with Buildx
-      # https://github.com/docker/build-push-action
-      - name: Build and push Docker image
-        id: build-before-sec-scans
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: Dockerfile
-          platforms: linux/amd64
-          build-args: |
-            BASE_IMAGE=${{ env.WEBMETHODS_BASE_REGISTRY }}/${{ env.WEBMETHODS_BASE_REPOSITORY }}:${{ env.WEBMETHODS_BASE_TAG }}
-            WPM_TOKEN=${{ secrets.WPM_TOKEN }}
-            WPM_PACKAGES=${{ env.WPM_PACKAGES }}
-          load: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-
-      - name: Run Trivy vulnerability scanner HTML
-        continue-on-error: true
-        uses: aquasecurity/trivy-action@0.30.0
-        with:
-          image-ref: ${{ steps.build-before-sec-scans.outputs.digest }}
-          # For now, always succeed when vulns are detected.
-          # Later, we can flip this to '1' to fail builds.
-          exit-code: '0'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH,MEDIUM'
-          format: template
-          template: "@$HOME/.local/bin/trivy-bin/contrib/html.tpl"
-          output: trivy-${{ github.workflow }}.html
+      # # Build image for scanning
+      # # https://github.com/docker/build-push-action
+      # - name: Build and push Docker image
+      #   id: build-before-sec-scans
+      #   uses: docker/build-push-action@v6
+      #   with:
+      #     context: .
+      #     file: Dockerfile
+      #     platforms: linux/amd64
+      #     build-args: |
+      #       BASE_IMAGE=${{ env.WEBMETHODS_BASE_REGISTRY }}/${{ env.WEBMETHODS_BASE_REPOSITORY }}:${{ env.WEBMETHODS_BASE_TAG }}
+      #       WPM_TOKEN=${{ secrets.WPM_TOKEN }}
+      #       WPM_PACKAGES=${{ env.WPM_PACKAGES }}
+      #     load: true
+      #     tags: ${{ steps.meta.outputs.tags }}
+      #     labels: ${{ steps.meta.outputs.labels }}
+
+      # - name: Run Trivy vulnerability scanner HTML
+      #   continue-on-error: true
+      #   uses: aquasecurity/trivy-action@0.30.0
+      #   with:
+      #     image-ref: ${{ steps.build-before-sec-scans.outputs.digest }}
+      #     # For now, always succeed when vulns are detected.
+      #     # Later, we can flip this to '1' to fail builds.
+      #     exit-code: '0'
+      #     ignore-unfixed: true
+      #     vuln-type: 'os,library'
+      #     severity: 'CRITICAL,HIGH,MEDIUM'
+      #     format: template
+      #     template: "@$HOME/.local/bin/trivy-bin/contrib/html.tpl"
+      #     output: trivy-${{ github.workflow }}.html
 
       - name: Build and push Docker image
         id: build-and-push-after-sec-scans
@@ -130,14 +130,14 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
 
 
-      - name: Simple digest descriptor
-        run: echo "Container Digest=${{ steps.build-and-push-after-sec-scans.outputs.digest }}" > digest-${{ github.workflow }}.txt
+      # - name: Simple digest descriptor
+      #   run: echo "Container Digest=${{ steps.build-and-push-after-sec-scans.outputs.digest }}" > digest-${{ github.workflow }}.txt
 
-      - name: Create Release
-        if: ${{ startsWith(github.ref, 'refs/tags/') }}
-        uses: softprops/action-gh-release@v2
-        with:
-          files: |
-            digest-${{ github.workflow }}.txt
-            trivy-${{ github.workflow }}.html
+      # - name: Create Release
+      #   if: ${{ startsWith(github.ref, 'refs/tags/') }}
+      #   uses: softprops/action-gh-release@v2
+      #   with:
+      #     files: |
+      #       digest-${{ github.workflow }}.txt
+      #       trivy-${{ github.workflow }}.html