From 47f882e2a17699cf7450cd8563fa5c999a4c80ac Mon Sep 17 00:00:00 2001 From: "Jens A. Koch" Date: Sat, 22 Jul 2023 18:41:43 +0200 Subject: [PATCH] Release v1.2.0 - add emoji for security scanning action - update release.yml - login to docker/ghcr first, then do hadolint? - pull debian image manually - do not delete local docker images? - replace sklearn with scikit-learn --- .devcontainer/Dockerfile | 2 +- .github/workflows/release.yml | 20 +++++++++++++------- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index b81ab11..16b7a35 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -77,7 +77,7 @@ RUN pip3 config --user set global.disable-pip-version-check true && \ pip3 install --upgrade wheel && \ pip3 install tensorflow && \ pip3 install ipykernel docutils jupyter notebook pyyaml pylint h5py && \ - pip3 install numpy pandas sklearn scipy && \ + pip3 install numpy pandas scikit-learn scipy && \ pip3 install matplotlib seaborn pydotplus && \ pip3 install keras --no-deps && \ pip3 install opencv-python && \ diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e79f9c0..66e4aad 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,15 +26,11 @@ jobs: uses: jlumbroso/free-disk-space@main # https://github.com/jlumbroso/free-disk-space with: tool-cache: true + docker-images: false - name: 🤘 Checkout Code uses: actions/checkout@v3 # https://github.com/actions/checkout - - uses: hadolint/hadolint-action@v3.1.0 # https://github.com/hadolint/hadolint-action - with: - dockerfile: .devcontainer/Dockerfile - no-fail: true - - name: 🔒 Login to Container Registry uses: docker/login-action@v2 # https://github.com/docker/login-action with: 
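Review bot: The corrected `pip3 install numpy pandas scikit-learn scipy && \` line still installs every package unpinned, so the devcontainer's Python stack changes with each PyPI release and two builds of the same commit are not reproducible. Pinning at least the libraries on this line, e.g. `pip3 install numpy==<version> pandas==<version> scikit-learn==<version> scipy==<version> && \`, or moving the list into a requirements file installed with `--require-hashes`, would make the image repeatable and auditable. The same applies to the unpinned `tensorflow`, `keras --no-deps` and `opencv-python` installs on the context lines. The RUN instruction begins before this hunk (its first line is the hunk header context) and continues past it.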
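Review bot: The new `docker-images: false` under the free-disk-space step is added without a comment, and the commit message's own trailing "?" suggests the setting was not verified; presumably it opts out of the action's image cleanup so that images pulled later in the job are kept, but a reader of the workflow cannot tell. A one-line comment above it recording the intent, e.g. `# keep preloaded Docker images; <reason>`, would spare the next maintainer a guess.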
@@ -42,6 +38,16 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + # https://hub.docker.com/_/debian + - name: Pull Debian Slim manually + run: | + docker pull debian:bookworm-slim + + - uses: hadolint/hadolint-action@v3.1.0 # https://github.com/hadolint/hadolint-action + with: + dockerfile: .devcontainer/Dockerfile + no-fail: true + - name: 📝 Versionize run: | if [[ "$GITHUB_REF" =~ ^refs/tags/v* ]]; then @@ -65,7 +71,7 @@ jobs: docker tag ghcr.io/${{ github.repository }}:$TAG ghcr.io/${{ github.repository }}:latest docker push ghcr.io/${{ github.repository }}:latest - - name: Scan Image for Vulnerabilities + - name: 🛡️🔍 Scan Image for Vulnerabilities uses: aquasecurity/trivy-action@master # https://github.com/aquasecurity/trivy-action with: image-ref: 'ghcr.io/${{ github.repository }}:latest' @@ -74,7 +80,7 @@ jobs: severity: 'CRITICAL,HIGH' ignore-unfixed: true - - name: Upload scan results to GitHub Security tab + - name: 🛡️🔼 Upload scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 # https://github.com/github/codeql-action with: sarif_file: 'trivy-results.sarif'
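Review bot: The new `docker pull debian:bookworm-slim` step pulls a mutable tag, so the base layers of a release image can differ between two runs of the same workflow and nothing records which build was used; pinning by digest, `docker pull debian:bookworm-slim@sha256:<digest-placeholder>`, with the same reference in the Dockerfile's FROM if it uses this tag (not visible here), makes the release reproducible. The re-added `hadolint/hadolint-action@v3.1.0` is pinned only by a movable tag, and the context lines `jlumbroso/free-disk-space@main` in the first hunk and `aquasecurity/trivy-action@master` in the third hunk track moving branches; a full commit SHA with the tag in a trailing comment is the usual hardening for a release workflow. As a style point, the single pull command does not need a block scalar: `run: docker pull debian:bookworm-slim` reads the same.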
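Review bot: The renamed scan step still runs after `docker push ghcr.io/${{ github.repository }}:latest` on the context line just above it, so the image is already published before Trivy reports its CRITICAL/HIGH findings and the scan cannot gate the release. Scanning the locally built image before the push (pointing `image-ref` at the local tag) and failing the job on findings via the action's `exit-code: '1'` input would turn this into a gate; whether `exit-code` is set lies outside the hunk, so part of this may already be covered. With `ignore-unfixed: true` on the following hunk's context line, unfixed findings are also silently dropped from the SARIF upload, which is worth a comment stating that this is deliberate.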