[Snyk] Security upgrade org.springframework:spring-web from 3.2.6.RELEASE to 5.3.38 #104
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build,Push Image CI | |
| on: | |
| push: | |
| branches: [ master ] | |
| pull_request: | |
| branches: [ master ] | |
| env: | |
| # TODO: Change variable to your image's name. | |
| IMAGE_NAME: javagoof-c1as | |
| VERSION: latest | |
| IMAGE_PATH: registry.hub.docker.com/raphabot/java-goof | |
| # IMAGE_PATH: ${{ secrets.CONTAINER_REGISTRY_URL }}/${{ secrets.DOCKER_USERID }}/$IMAGE_NAME:$VERSION | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Set up JDK 1.8 | |
| uses: actions/setup-java@v1 | |
| with: | |
| java-version: 1.8 | |
| - name: Build with Maven & Snyk | |
| env: | |
| SNYK_API_TOKEN: ${{ secrets.SNYK_API_TOKEN }} | |
| run: | | |
| mvn snyk:monitor | |
| mvn install --file pom.xml -Prun-its | |
| # Push image to Container Registry | |
| push: | |
| # Ensure test job passes before pushing image. | |
| needs: build | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Build image | |
| run: docker build . --file Dockerfile --tag $IMAGE_NAME | |
| - name: Log into registry | |
| run: echo "${{ secrets.DOCKER_KEY }}" | docker login ${{ secrets.CONTAINER_REGISTRY_URL }} -u ${{ secrets.DOCKER_USERID }} --password-stdin | |
| - name: Push image | |
| env: | |
| DOCKER_REPO: ${{ secrets.DOCKER_USERID }} | |
| run: | | |
| IMAGE_ID=${{ secrets.CONTAINER_REGISTRY_URL }}/$DOCKER_REPO/$IMAGE_NAME | |
| echo $IMAGE_PATH | |
| docker tag $IMAGE_NAME $IMAGE_PATH | |
| docker push $IMAGE_PATH | |
| image-test: | |
| needs: push | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' | |
| steps: | |
| - name: Cloud One Container Security Scan Action | |
| uses: felipecosta09/Deep-Security-Smart-Check-Scan-Action@v1.0.2 | |
| with: | |
| # Mandatory | |
| DSSC_IMAGE_NAME: registry.hub.docker.com/raphabot/java-goof # Change with your image path. | |
| # DSSC_IMAGE_NAME: $IMAGE_PATH | |
| DSSC_SMARTCHECK_HOST: c1cs.nedemos.io | |
| DSSC_SMARTCHECK_USER: endtoenddemo | |
| DSSC_SMARTCHECK_PASSWORD: ${{ secrets.DSSC_SMARTCHECK_PASSWORD }} | |
| DSSC_IMAGE_PULL_AUTH: '{"username": "${{ secrets.DOCKER_USERID }}","password": "${{ secrets.DOCKER_KEY }}"}' | |
| # Optional | |
| DSSC_INSECURE_SKIP_TLS_VERIFY: true | |
| DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY: false | |
| # DSSC_PREREGISTRY_SCAN: false | |
| # DSSC_PREREGISTRY_HOST: myorg.com | |
| # DSSC_PREREGISTRY_USER: admin | |
| # DSSC_PREREGISTRY_PASSWORD: 12345 | |
| # DSSC_RESULTS_FILE: /results.json | |
| DSSC_FINDINGS_THRESHOLD: '{"malware": 100, "vulnerabilities": { "defcon1": 100, "critical": 100, "high": 100 }, "contents": { "defcon1": 100, "critical": 100, "high": 100 }, "checklists": { "defcon1": 100, "critical": 100, "high": 100 }}' |