diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 908ddcba9f0..9e24c65282b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1774,16 +1774,7 @@ jobs: steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-besu-all-in-one - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/besu-all-in-one/ -f ./tools/docker/besu-all-in-one/Dockerfile -t cactus-besu-all-in-one - - name: Run Trivy vulnerability scan for cactus-besu-all-in-one - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-besu-all-in-one' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/besu-all-in-one/ -f ./tools/docker/besu-all-in-one/Dockerfile ghcr-cmd-api-server: runs-on: ubuntu-20.04 steps: @@ -1805,7 +1796,7 @@ jobs: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-connector-besu run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-ledger-connector-besu/ -f ./packages/cactus-plugin-ledger-connector-besu/Dockerfile -t cactus-connector-besu - - name: Run Trivy vulnerability scan for cactus-connector-besu + - name: Run Trivy vulnerability scan for cactus-connector-plugin-ledger-besu uses: aquasecurity/trivy-action@0.11.2 with: image-ref: 'cactus-connector-besu' @@ -1820,7 +1811,7 @@ jobs: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-connector-corda-server run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-ledger-connector-corda/src/main-server/ -f ./packages/cactus-plugin-ledger-connector-corda/src/main-server/Dockerfile -t cactus-connector-corda-server - - name: Run Trivy vulnerability scan for cactus-connector-corda-server + - name: Run Trivy vulnerability scan for plugin-ledger-connector-corda uses: aquasecurity/trivy-action@0.11.2 with: image-ref: 'cactus-connector-corda-server' @@ -1835,7 +1826,7 @@ jobs: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-connector-fabric run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-ledger-connector-fabric/ -f ./packages/cactus-plugin-ledger-connector-fabric/Dockerfile -t cactus-connector-fabric - - name: Run Trivy vulnerability scan for cactus-connector-fabric + - name: Run Trivy vulnerability scan for cactus-plugin-ledger-connector-fabric uses: aquasecurity/trivy-action@0.11.2 with: image-ref: 'cactus-connector-fabric' @@ -1844,6 +1835,36 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + scan-cactus-connector-quorum: + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v3.5.2 + - name: Build an image from Dockerfile + run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-ledger-connector-quorum/ -f ./packages/cactus-plugin-ledger-connector-quorum/Dockerfile -t cactus-connector-quorum + - name: Run Trivy vulnerability scan for cactus-plugin-ledger-connector-quorum + uses: aquasecurity/trivy-action@0.11.2 + with: + image-ref: 'cactus-connector-quorum' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + scan-cactus-connector-iroha: + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v3.5.2 + - name: Build an image from Dockerfile + run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-ledger-connector-iroha/ -f ./packages/cactus-plugin-ledger-connector-iroha/Dockerfile -t cactus-connector-iroha + - name: Run Trivy vulnerability scan for cactus-plugin-ledger-connector-iroha + uses: aquasecurity/trivy-action@0.11.2 + with: + image-ref: 'cactus-connector-iroha' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' ghcr-corda-all-in-one: runs-on: ubuntu-20.04 steps: @@ -1870,16 +1891,7 @@ jobs: steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-corda-all-in-one-obligation - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/corda-all-in-one/ -f ./tools/docker/corda-all-in-one/corda-v4_8/Dockerfile -t cactus-corda-all-in-one-obligation - - name: Run Trivy vulnerability scan for cactus-corda-all-in-one-obligation - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-corda-all-in-one-obligation' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/corda-all-in-one/ -f ./tools/docker/corda-all-in-one/corda-v4_8/Dockerfile ghcr-dev-container-vscode: runs-on: ubuntu-20.04 env: @@ -1899,83 +1911,38 @@ jobs: steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-example-carbon-accounting - run: DOCKER_BUILDKIT=1 docker build . -f ./examples/carbon-accounting/Dockerfile -t cactus-example-carbon-accounting - - name: Run Trivy vulnerability scan for cactus-example-carbon-accounting - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-example-carbon-accounting' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker build . -f ./examples/carbon-accounting/Dockerfile ghcr-example-supply-chain-app: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-example-supply-chain-app - run: DOCKER_BUILDKIT=1 docker build . -f ./examples/supply-chain-app/Dockerfile -t cactus-example-supply-chain-app - - name: Run Trivy vulnerability scan for cactus-example-supply-chain-app - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-example-supply-chain-app' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker build . -f ./examples/supply-chain-app/Dockerfile ghcr-fabric-all-in-one: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-fabric-all-in-one - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/fabric-all-in-one/ -f ./tools/docker/fabric-all-in-one/Dockerfile_v1.4.x -t cactus-fabric-all-in-one - - name: Run Trivy vulnerability scan for cactus-fabric-all-in-one - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-fabric-all-in-one' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/fabric-all-in-one/ -f ./tools/docker/fabric-all-in-one/Dockerfile_v1.4.x ghcr-fabric2-all-in-one: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-fabric2-all-in-one - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/fabric-all-in-one/ -f ./tools/docker/fabric-all-in-one/Dockerfile_v2.x -t cactus-fabric2-all-in-one - - name: Run Trivy vulnerability scan for cactus-fabric2-all-in-one - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-fabric2-all-in-one' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/fabric-all-in-one/ -f ./tools/docker/fabric-all-in-one/Dockerfile_v2.x ghcr-iroha-all-in-one: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-iroha-all-in-one - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/iroha-all-in-one/ -f ./tools/docker/iroha-all-in-one/Dockerfile -t cactus-iroha-all-in-one - - name: Run Trivy vulnerability scan for cactus-iroha-all-in-one - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-iroha-all-in-one' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/iroha-all-in-one/ -f ./tools/docker/iroha-all-in-one/Dockerfile ghcr-keychain-vault-server: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-keychain-vault-server run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/ -f ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/Dockerfile -t cactus-keychain-vault-server - - name: Run Trivy vulnerability scan for cactus-keychain-vault-server + - name: Run Trivy vulnerability scan for cactus-plugin-keychain-vault-server uses: aquasecurity/trivy-action@0.11.2 with: image-ref: 'cactus-keychain-vault-server' @@ -1989,76 +1956,31 @@ jobs: steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-quorum-all-in-one - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/quorum-all-in-one/ -f ./tools/docker/quorum-all-in-one/Dockerfile -t cactus-quorum-all-in-one - - name: Run Trivy vulnerability scan for cactus-quorum-all-in-one - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-quorum-all-in-one' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/quorum-all-in-one/ -f ./tools/docker/quorum-all-in-one/Dockerfile ghcr-quorum-multi-party-all-in-one: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-quorum-multi-party-all-in-one - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/quorum-multi-party-all-in-one/ -f ./tools/docker/quorum-multi-party-all-in-one/Dockerfile -t cactus-quorum-multi-party-all-in-one - - name: Run Trivy vulnerability scan for cactus-quorum-multi-party-all-in-one - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-quorum-multi-party-all-in-one' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/quorum-multi-party-all-in-one/ -f ./tools/docker/quorum-multi-party-all-in-one/Dockerfile ghcr-rust-compiler: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-rust-compiler - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/rust-compiler/ -f ./tools/docker/rust-compiler/Dockerfile -t cactus-rust-compiler - - name: Run Trivy vulnerability scan for cactus-rust-compiler - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-rust-compiler' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/rust-compiler/ -f ./tools/docker/rust-compiler/Dockerfile ghcr-test-npm-registry: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-test-npm-registry - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/test-npm-registry/ -f ./tools/docker/test-npm-registry/Dockerfile -t cactus-test-npm-registry - - name: Run Trivy vulnerability scan for cactus-test-npm-registry - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-test-npm-registry' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/test-npm-registry/ -f ./tools/docker/test-npm-registry/Dockerfile ghcr-whitepaper: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-whitepaper - run: DOCKER_BUILDKIT=1 docker build ./whitepaper/ -f ./whitepaper/Dockerfile -t cactus-whitepaper - - name: Run Trivy vulnerability scan for cactus-whitepaper - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-whitepaper' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker build ./whitepaper/ -f ./whitepaper/Dockerfile name: Cactus_CI 'on': pull_request: