Skip to content

reverse merge

reverse merge #1

#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
name: Pinot Dependencies
on:
push:
branches:
- master
pull_request:
branches:
- master
paths:
- "**/pom.xml"
- "**/package.json"
- "**/package-lock.json"
- "docker/images/pinot/**"
- ".github/workflows/**"
jobs:
verify-docker:
if: github.repository == 'apache/pinot'
name: Verify Docker Image
runs-on: ubuntu-latest
steps:
- uses: docker/setup-qemu-action@v3
name: Set up QEMU
- uses: actions/checkout@v4
- name: Build the Docker image
env:
DOCKER_FILE_BASE_DIR: "docker/images/pinot"
DOCKER_IMAGE_NAME: "apachepinot/pinot"
PINOT_GIT_URL: ${{ github.event.inputs.gitUrl }}
PINOT_BRANCH: ${{ env.GITHUB_REF }}
PINOT_SHA: ${{ github.sha }}
run: .github/workflows/scripts/.pinot_vuln_check.sh
- name: Run Trivy vulnerability scanner (sarif)
uses: aquasecurity/trivy-action@master
with:
trivyignores: '.trivyignore'
image-ref: 'apachepinot/pinot:${{ github.sha }}'
format: 'sarif'
output: 'trivy-results.sarif'
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
timeout: '10m'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'