enh: add clair to docker build and push (#71)

notdodo · Jul 13, 2024 · 6583952 · 6583952
1 parent a3f093a
commit 6583952
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/.github/workflows/docker-build-and-push.yml b/.github/workflows/docker-build-and-push.yml
@@ -96,6 +96,20 @@ jobs:
           tags: ${{ steps.metadata.outputs.tags }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+
+      - name: Run Clair V4
+        uses: quay/clair-action@9b5f21b89968925c0ab26064b4e2006efa079e0a
+        # v0.0.8
+        with:
+          image-path: ${{ inputs/registry }}/${{ inputs.image }}
+          format: sarif
+          output: clair_results.sarif
+
+      - name: Upload sarif
+        uses: github/codeql-action/upload-sarif@4b6aa0b07da05d6e43d0e5f9c8596a6532ce1c85
+        with:
+          sarif_file: clair_results.sarif
+
       - name: Generate artifact attestation
         if: inputs.push
         uses: actions/attest-build-provenance@bdd51370e0416ac948727f861e03c2f05d32d78e

diff --git a/auto-tagger/Dockerfile b/auto-tagger/Dockerfile
@@ -27,4 +27,4 @@ WORKDIR /app
 COPY --from=builder ${VIRTUAL_ENV} ${VIRTUAL_ENV}
 COPY *.py /app/
 
-CMD ["python", "/app/main.py"]
+CMD ["python", "/app/main.py"]