Skip to content

ci(workflow): bump actions/setup-go from 5.1.0 to 5.2.0 #822

ci(workflow): bump actions/setup-go from 5.1.0 to 5.2.0

ci(workflow): bump actions/setup-go from 5.1.0 to 5.2.0 #822

Workflow file for this run

# SPDX-FileCopyrightText: 2022 - 2024 NRK
#
# SPDX-License-Identifier: MIT
name: "Build and test"
on:
push:
branches:
- main
pull_request:
paths-ignore:
- '.github/'
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/[email protected]
-
name: Docker build
env:
DOCKER_TAG: terraform-registry:latest
run: |
make DOCKER_TAG="${DOCKER_TAG}" build-docker
docker image save ${DOCKER_TAG} -o image.tar
-
name: Trivy vulnerability scan
uses: aquasecurity/[email protected]
with:
input: image.tar
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db