From 02da82fea1c1a809bee1e0410b704c30935c755f Mon Sep 17 00:00:00 2001
From: rogueking
Date: Tue, 6 May 2025 15:54:35 -0700
Subject: [PATCH] workflow and docker fixes
---
 .gitea/workflows/trivy.yaml | 46 +++++++++++++++++++++++++++++++++++++
 Dockerfile | 2 +-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 .gitea/workflows/trivy.yaml
diff --git a/.gitea/workflows/trivy.yaml b/.gitea/workflows/trivy.yaml
new file mode 100644
index 0000000..472d507
--- /dev/null
+++ b/.gitea/workflows/trivy.yaml
@@ -0,0 +1,46 @@
+name: build
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+jobs:
+ build:
+ name: Build
+ runs-on: ubuntu-20.04
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Install Trivy (custom script)
+ run: |
+ set -e
+
+ # Get the latest release version
+ RELEASE=$(wget -q https://github.com/aquasecurity/trivy/releases/latest -O - | grep "title>Release" | cut -d " " -f 4 | sed 's/^v//')
+ RELEASE_Linux=${RELEASE}_Linux
+
+ # Download and extract Trivy
+ wget -q https://github.com/aquasecurity/trivy/releases/download/v$RELEASE/trivy_${RELEASE_Linux}-64bit.tar.gz
+ tar -xzf trivy_${RELEASE_Linux}-64bit.tar.gz
+
+ # Move binary to /usr/bin
+ mv ./trivy /usr/bin
+
+ echo "Trivy installed successfully."
+
+ echo "Caching Trivy database..."
+ trivy fs --download-db-only
+ echo "Trivy database cached successfully."
+
+ - name: Cache Go Modules
+ uses: actions/cache@v4
+ with:
+ path: ~/.cache/trivy
+ key: trivy-db-${{ runner.os }}-${{ steps.trivy-version.outputs.version }}
+ restore-keys: |
+ trivy-db-${{ runner.os }}-
+
+ - name: Run Trivy FS Scan
+ run: |
+ trivy fs ./ --severity CRITICAL,HIGH,MEDIUM,LOW
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index f904f54..b32e65a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Build stage
-FROM golang:1.22-alpine AS builder
+FROM golang:1.24-alpine AS builder
 # # Install git and build dependencies # RUN apk add --no-cache git make build-base
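Review bot: The "Install Trivy (custom script)" step in `.gitea/workflows/trivy.yaml` takes whatever release is currently "latest" by scraping the releases page, then extracts the tarball and moves the binary into `/usr/bin` with no integrity check. The scanner that runs in CI is therefore neither reproducible nor verified, and a failed scrape leaves `RELEASE` empty because `set -e` does not cover the pipeline inside `$(...)`. Pin `RELEASE` to a vetted version and check the archive against a SHA-256 recorded in the workflow before `tar -xzf`, as in the excerpt below. Separately, the cache key reads `steps.trivy-version.outputs.version` but no step in this file declares `id: trivy-version`, so that part of the key presumably expands to empty. The final `trivy fs` also has no `--exit-code 1`, so findings will not fail the job.

```yaml
      - name: Install Trivy (custom script)
        run: |
          set -e

          # Placeholders: set to the release you have vetted and the SHA-256 of its tarball
          RELEASE="<PINNED_TRIVY_VERSION>"
          EXPECTED_SHA256="<SHA256_OF_THE_TARBALL>"
          RELEASE_Linux=${RELEASE}_Linux
          ARCHIVE=trivy_${RELEASE_Linux}-64bit.tar.gz

          # Download, then refuse to extract unless the digest matches the pinned value
          wget -q https://github.com/aquasecurity/trivy/releases/download/v$RELEASE/$ARCHIVE
          echo "${EXPECTED_SHA256}  ${ARCHIVE}" | sha256sum -c -
          tar -xzf "$ARCHIVE"

          # … unchanged: move binary to /usr/bin, download the Trivy DB …
```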