Release Snapshot #451
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# Release snapshot on CRON schedule or on demand. This workflow ensures that | |
# the main branch is ready for release and that all build configuration files | |
# are valid. Also scans tracee container images for vulnerabilities, and | |
# publishes to DockerHub as aquasec/tracee:dev and aquasec/tracee:full-dev. | |
name: Release Snapshot | |
on: | |
workflow_dispatch: {} | |
schedule: | |
- cron: "0 0 * * *" | |
env: | |
GO_VERSION: "1.17" | |
OPA_VERSION: "v0.41.0" | |
jobs: | |
release-snapshot: | |
name: Release Snapshot | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v2 | |
with: | |
submodules: true | |
- name: Install Dependencies | |
uses: ./.github/actions/build-dependencies | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
opa-version: ${{ env.OPA_VERSION }} | |
- name: Build | |
run: | | |
make -f builder/Makefile.release SNAPSHOT=1 | |
- name: Scan Docker Image for Vulnerabilities | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: "tracee:latest" | |
severity: "CRITICAL" | |
exit-code: "1" | |
- name: Scan Docker Image for Vulnerabilities | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: "tracee:full" | |
severity: "CRITICAL" | |
exit-code: "1" | |
- name: Login to docker.io registry | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Publish to docker.io registry | |
run: | | |
docker image tag tracee:latest aquasec/tracee:dev | |
docker image tag tracee:full aquasec/tracee:full-dev | |
docker image push aquasec/tracee:dev | |
docker image push aquasec/tracee:full-dev |