Skip to content

chore(deps): Bump idna from 3.4 to 3.7 #345

chore(deps): Bump idna from 3.4 to 3.7

chore(deps): Bump idna from 3.4 to 3.7 #345

Workflow file for this run

name: Build and Test
on:
push:
branches:
- master
pull_request:
branches:
- master
paths:
- "**/Dockerfile"
- "poetry.lock"
- "pyproject.toml"
- ".github/workflows/test.yaml"
env:
DOCKER_USERNAME: tiryoh
DOCKER_IMAGENAME: mkdocs-builder
jobs:
build:
strategy:
matrix:
target: [alpine, debian]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build docker image
env:
DOCKER_LABEL: ${{ matrix.target }}
run: |
docker build -t $DOCKER_USERNAME/$DOCKER_IMAGENAME:$DOCKER_LABEL -f $DOCKER_LABEL/Dockerfile .
- name: Checkout mkdocs
uses: actions/checkout@v4
with:
repository: squidfunk/mkdocs-material
path: mkdocs-material
- name: Test building mkdocs
env:
DOCKER_LABEL: ${{ matrix.target }}
run: |
docker run --rm -v $PWD/mkdocs-material:/docs $DOCKER_USERNAME/$DOCKER_IMAGENAME:$DOCKER_LABEL build
- name: List docker images
run: |
mkdir -p build_log
docker image ls "$DOCKER_USERNAME/*" | tee ./build_log/docker_images.txt
- uses: actions/upload-artifact@v3
with:
name: build-log-${{ matrix.target }}
path: build_log
# - name: Install Trivy
# run: |
# sudo apt-get install apt-transport-https gnupg
# wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
# echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -cs) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
# sudo apt-get update
# sudo apt-get install trivy
# - name: Install Trivy template
# uses: actions/checkout@v4
# with:
# repository: aquasecurity/trivy
# path: trivy
# - name: Vulnerability Scan with Trivy
# env:
# DOCKER_LABEL: ${{ matrix.target }}
# run: |
# trivy image --format template --template "@trivy/contrib/sarif.tpl" --exit-code 0 --vuln-type os,library --severity CRITICAL,HIGH --output trivy-results.sarif --no-progress $DOCKER_USERNAME/$DOCKER_IMAGENAME:$DOCKER_LABEL
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ env.DOCKER_USERNAME }}/${{ env.DOCKER_IMAGENAME }}:${{ matrix.target }}'
exit-code: '0'
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
wait-for-processing: true