Improve workflows (Test, lint & scan) #4
Annotations
1 error, 5 warnings, and 3 notices
Upload Trivy scan results to GitHub Security tab
Path does not exist: trivy-results.sarif
|
ckan-mqa/Dockerfile#L12
Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
|
ckan-mqa/Dockerfile#L12
Avoid use of cache directory with pip. Use `pip install --no-cache-dir <package>`
|
ckan-mqa/Dockerfile#L12
Pin versions in pip. Instead of `pip install <package>` use `pip install <package>==<version>` or `pip install --requirement <requirements file>`
|
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: docker/metadata-action@v4, github/codeql-action/upload-sarif@v2. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
|
Upload Trivy scan results to GitHub Security tab
CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/
|
ckan-mqa/Dockerfile#L12
Delete the apt-get lists after installing something
|
ckan-mqa/Dockerfile#L12
Avoid use of wget without progress bar. Use `wget --progress=dot:giga <url>`. Or consider using `-q` or `-nv` (shorthands for `--quiet` or `--no-verbose`).
|
ckan-mqa/Dockerfile#L12
Avoid additional packages by specifying `--no-install-recommends`
|
The logs for this run have expired and are no longer available.
Loading