Merge pull request #116 from communitiesuk/enable-dev-autoload #105
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Anchore scan | |
on: | |
push: | |
branches: | |
- main | |
- master | |
paths-ignore: | |
- "python/**" | |
workflow_dispatch: | |
jobs: | |
designer-scan: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- name: Docker compose pull designer | |
run: docker pull ghcr.io/communitiesuk/funding-service-design-form-designer-adapter:latest | |
- name: Docker layer caching | |
uses: satackey/[email protected] | |
continue-on-error: true | |
with: | |
# Layers are cached by keys | |
# docker-layer-caching action has an issue which causes layers to dangle, | |
# and this will eventually build up and increase pull time significantly | |
# see https://github.com/satackey/action-docker-layer-caching/issues/55 | |
# ATM solution is to change keys periodically to avoid the dangling layers | |
# for that just increase the number you see in key and restore-keys below (same number in both keys). | |
key: digital-form-builder-adapter-2-{hash} | |
restore-keys: | | |
digital-form-builder-adapter-2 | |
- name: Scan image | |
uses: anchore/scan-action@v2 | |
with: | |
image: "ghcr.io/communitiesuk/funding-service-design-form-designer-adapter:latest" | |
fail-build: false | |
severity-cutoff: critical | |
- name: Upload artifact | |
uses: actions/[email protected] | |
if: ${{ success() || failure() }} | |
with: | |
name: AnchoreReports-Designer | |
path: vulnerabilities.json | |
runner-scan: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- name: Docker compose pull runner | |
run: docker pull ghcr.io/communitiesuk/funding-service-design-form-runner-adapter:latest | |
- name: Docker layer caching | |
uses: satackey/[email protected] | |
continue-on-error: true | |
with: | |
# Layers are cached by keys | |
# docker-layer-caching action has an issue which causes layers to dangle, | |
# and this will eventually build up and increase pull time significantly | |
# see https://github.com/satackey/action-docker-layer-caching/issues/55 | |
# ATM solution is to change keys periodically to avoid the dangling layers | |
# for that just increase the number you see in key and restore-keys below (same number in both keys). | |
key: digital-form-builder-2-{hash} | |
restore-keys: | | |
digital-form-builder-2 | |
- name: Scan image | |
uses: anchore/scan-action@v2 | |
with: | |
image: "ghcr.io/communitiesuk/funding-service-design-form-runner-adapter:latest" | |
acs-report-enable: true | |
fail-build: false | |
severity-cutoff: critical | |
- name: Upload artifact | |
uses: actions/[email protected] | |
if: ${{ success() || failure() }} | |
with: | |
name: AnchoreReports-Runner | |
path: vulnerabilities.json |