Skip to content

Merge pull request #1790 from OpenC3/trivy #2447

Merge pull request #1790 from OpenC3/trivy

Merge pull request #1790 from OpenC3/trivy #2447

Workflow file for this run

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: OpenC3 ClamAV Scan
# Only run on a push to master to avoid running for all the dependabot PRs
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
openc3-clamav-scan:
if: ${{ github.actor != 'dependabot[bot]' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Ruby 3.2
uses: ruby/setup-ruby@v1
with:
ruby-version: 3.2
bundler-cache: false # runs 'bundle install' and caches installed gems automatically
working-directory: openc3
- name: openc3.sh build
# This `shell` line is required to get around a known issue: https://github.com/actions/runner/issues/241#issuecomment-745902718
shell: 'script -q -e -c "bash {0}"'
run: ./openc3.sh build
env:
OPENC3_TAG: ${{ github.sha }}
- name: ClamAV setup and update definitions
# This `shell` line is required to get around a known issue: https://github.com/actions/runner/issues/241#issuecomment-745902718
shell: 'script -q -e -c "bash {0}"'
run: ./scripts/release/clamav_setup.sh
- name: ClamAV scan image ruby
run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-ruby:${{ github.sha }}
working-directory: scripts/release
- name: ClamAV scan image node
run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-node:${{ github.sha }}
working-directory: scripts/release
- name: ClamAV scan image base
run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-base:${{ github.sha }}
working-directory: scripts/release
- name: ClamAV scan image init
run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-cosmos-init:${{ github.sha }}
working-directory: scripts/release
- name: ClamAV scan image redis
run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-redis:${{ github.sha }}
working-directory: scripts/release
- name: ClamAV scan image minio
run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-minio:${{ github.sha }}
working-directory: scripts/release
- name: ClamAV scan image operator
run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-operator:${{ github.sha }}
working-directory: scripts/release
- name: ClamAV scan image cmd-tlm-api
run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-cosmos-cmd-tlm-api:${{ github.sha }}
working-directory: scripts/release
- name: ClamAV scan image script-runner-api
run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-cosmos-script-runner-api:${{ github.sha }}
working-directory: scripts/release
- name: ClamAV scan image traefik
run: ruby clamav_scan_image.rb docker.io/openc3inc/openc3-traefik:${{ github.sha }}
working-directory: scripts/release