Skip to content

Commit

Permalink
Release v1.2.0
Browse files Browse the repository at this point in the history
- add emoji for security scanning action

- update release.yml

- login to docker/ghcr first, then do hadolint?

- pull debian image manually

- do not delete local docker images?

- replace sklearn with scikit-learn
  • Loading branch information
jakoch committed Jul 22, 2023
1 parent a48d0cb commit 47f882e
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 8 deletions.
2 changes: 1 addition & 1 deletion .devcontainer/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ RUN pip3 config --user set global.disable-pip-version-check true && \
pip3 install --upgrade wheel && \
pip3 install tensorflow && \
pip3 install ipykernel docutils jupyter notebook pyyaml pylint h5py && \
pip3 install numpy pandas sklearn scipy && \
pip3 install numpy pandas scikit-learn scipy && \
pip3 install matplotlib seaborn pydotplus && \
pip3 install keras --no-deps && \
pip3 install opencv-python && \
Expand Down
20 changes: 13 additions & 7 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,22 +26,28 @@ jobs:
uses: jlumbroso/free-disk-space@main # https://github.com/jlumbroso/free-disk-space
with:
tool-cache: true
docker-images: false

- name: 🤘 Checkout Code
uses: actions/checkout@v3 # https://github.com/actions/checkout

- uses: hadolint/hadolint-action@v3.1.0 # https://github.com/hadolint/hadolint-action
with:
dockerfile: .devcontainer/Dockerfile
no-fail: true

- name: 🔒 Login to Container Registry
uses: docker/login-action@v2 # https://github.com/docker/login-action
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

# https://hub.docker.com/_/debian
- name: Pull Debian Slim manually
run: |
docker pull debian:bookworm-slim
- uses: hadolint/hadolint-action@v3.1.0 # https://github.com/hadolint/hadolint-action
with:
dockerfile: .devcontainer/Dockerfile
no-fail: true

- name: 📝 Versionize
run: |
if [[ "$GITHUB_REF" =~ ^refs/tags/v* ]]; then
Expand All @@ -65,7 +71,7 @@ jobs:
docker tag ghcr.io/${{ github.repository }}:$TAG ghcr.io/${{ github.repository }}:latest
docker push ghcr.io/${{ github.repository }}:latest
- name: Scan Image for Vulnerabilities
- name: 🛡️🔍 Scan Image for Vulnerabilities
uses: aquasecurity/trivy-action@master # https://github.com/aquasecurity/trivy-action
with:
image-ref: 'ghcr.io/${{ github.repository }}:latest'
Expand All @@ -74,7 +80,7 @@ jobs:
severity: 'CRITICAL,HIGH'
ignore-unfixed: true

- name: Upload scan results to GitHub Security tab
- name: 🛡️🔼 Upload scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2 # https://github.com/github/codeql-action
with:
sarif_file: 'trivy-results.sarif'

0 comments on commit 47f882e

Please sign in to comment.