Skip to content

feat: add caching and attestation checking #28

feat: add caching and attestation checking

feat: add caching and attestation checking #28

Workflow file for this run

name: Build images
permissions: {}
on:
push:
branches:
- '*'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build-images:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Setup build env
uses: ./.github/actions/setup-build-env
with:
build-cache-key: build-images
- name: docker build
run: VERSION=${{ github.ref_name }} make docker-build
- name: Trivy Scan Image
uses: aquasecurity/trivy-action@41f05d9ecffa2ed3f1580af306000f734b733e54 # v0.11.2
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL,HIGH'