lowercase name

Sage-Bionetworks-Workflows · Jul 27, 2023 · 3369840 · 3369840
1 parent a0d66d0
commit 3369840
Showing 1 changed file with 16 additions and 10 deletions.
diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml
@@ -5,11 +5,11 @@ on:
       branches:
        - 'dsl2'
        - 'orca-249-push-to-ghcr'
-       
+
 env:
     # Use docker.io for Docker Hub if empty
     REGISTRY: ghcr.io
-    IMAGE_NAME: ${{ github.repository }}
+    IMAGE_NAME: sage-bionetowk
     IMAGE_TAG: latest
     # Use `latest` as the tag to compare to if empty, assuming that it's already pushed
     COMPARE_TAG: latest
@@ -28,40 +28,46 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Extract Docker metadata
+        id: metadata
+        uses: docker/metadata-action@v4
+        with:
+            images: ${{ env.REGISTRY }}/${{ github.repository }}
+
       - name: Pull the image
         run: |
-          docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
+          docker pull ${{ steps.metadata.outputs.tags }}
 
       # Deliberately chosen master here to keep up-to-date.
       - name: Run Trivy vulnerability scanner for any major issues
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
+          image-ref: ${{ steps.metadata.outputs.tags }}
           ignore-unfixed: true
           severity: 'CRITICAL,HIGH'
           limit-severities-for-sarif: true
           format: template
           template: '@/contrib/sarif.tpl'
-          output: trivy-results-${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}.sarif
+          output: trivy-results-${{ steps.metadata.outputs.tags }}.sarif
 
       # Show all detected issues.
       # Note this will show a lot more, including major un-fixed ones.
       - name: Run Trivy vulnerability scanner for local output
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
+          image-ref: ${{ steps.metadata.outputs.tags }}
           format: table
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v2
         with:
-          sarif_file: trivy-results-${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}.sarif
-          category: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} image
+          sarif_file: trivy-results-${{ steps.metadata.outputs.tags }}.sarif
+          category: ${{ steps.metadata.outputs.tags }} image
           wait-for-processing: true
 
       - name: Detain results for debug if needed
         uses: actions/upload-artifact@v3
         with:
-          name: trivy-results-${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}.sarif
-          path: trivy-results-${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}.sarif
+          name: trivy-results-${{ steps.metadata.outputs.tags }}.sarif
+          path: trivy-results-${{ steps.metadata.outputs.tags }}.sarif
           if-no-files-found: error