Skip to content

Periodic Scan Containers for Security Issues #377

Periodic Scan Containers for Security Issues

Periodic Scan Containers for Security Issues #377

Workflow file for this run

name: Periodic Scan Containers for Security Issues
on:
schedule:
- cron: '30 1 * * *'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
generate-tests:
name: Generate Jobs
runs-on: ubuntu-latest
outputs:
strategy: ${{ steps.get-products.outputs.strategy }}
steps:
- name: Checkout percona/percona-docker repository
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Generate Jobs
id: get-products
run: |
set -o xtrace
strategy='{"fail-fast":false,"matrix":{"include":[]}}'
for folder in `ls -d */`; do
product_name=$(echo ${folder}| cut -d '/' -f 1)
if [ -d "${product_name}" ] && [ -f "${product_name}/Dockerfile" ]; then
docker_tag="percona/${product_name}:cron"
docker_build="docker build --no-cache -t ${docker_tag} ${product_name}"
strategy=$(echo ${strategy} | \
jq -c \
--arg product_name "${product_name}" \
--arg docker_build "${docker_build}" \
--arg docker_tag "${docker_tag}" \
'.matrix.include += [
.include
| .name=$product_name
| .runs.build=$docker_build
| .runs.test=$docker_tag
]'
)
fi
done
jq . <<<"$strategy" # sanity check / debugging aid
echo "::set-output name=strategy::$strategy"
test:
needs: generate-tests
runs-on: ubuntu-latest
strategy: ${{ fromJSON(needs.generate-tests.outputs.strategy) }}
name: ${{ matrix.name }}
steps:
- name: Checkout percona/percona-docker repository
uses: actions/checkout@v3
- run: ${{ matrix.runs.build }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ matrix.runs.test }}
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'