CI: Add image scan

2024-01-10 23:36:10 +01:00 · 2024-01-10 23:36:10 +01:00 · 8b67c1dfbc
commit 8b67c1dfbc
parent c9e62c83d3
7 changed files with 84 additions and 15 deletions
--- a/.github/workflows/setup-cluster.yml
+++ b/.github/workflows/setup-cluster.yml
@ -15,11 +15,19 @@ on:

 jobs:
  setup-cluster:
-    name: minikube
    runs-on: ubuntu-latest
    steps:
-      - name: start minikube
-        id: minikube
-        uses: medyagh/setup-minikube@latest
-      - name: kubectl
-        run: kubectl get pods -A
+    - name: Checkout code
+      uses: actions/checkout@v3
+    - name: Start minikube
+      id: minikube
+      uses: medyagh/setup-minikube@latest
+    - name: kubectl
+      run: kubectl get pods -A -o wide
+    - name: Setup cluster
+      run: |
+        ./run.sh
+    - name: kubectl
+      run: |
+        kubectl get pods -A -o wide && \
+        kubectl get helmrelease -A
--- a/.github/workflows/vulnerability-scan.yml
+++ b/.github/workflows/vulnerability-scan.yml
@ -0,0 +1,21 @@
+name: Scan
+on:
+  push:
+    branches:
+      - '**'
+  pull_request:
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'ghcr.io/bbusse/gtfso-import'
+          format: 'sarif'
+          output: 'trivy-results.sarif'