diff --git a/.github/workflows/build-deploy-on-release.yaml b/.github/workflows/build-deploy-on-release.yaml
index b8e8ab5..fdc5732 100644
--- a/.github/workflows/build-deploy-on-release.yaml
+++ b/.github/workflows/build-deploy-on-release.yaml
@@ -14,20 +14,20 @@ jobs:
 dockerfile: Dockerfile
 secrets: inherit
- scan-image:
- needs: build-production
- runs-on: ubuntu-latest
- steps:
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: ghcr.io/mlibrary/${{ vars.IMAGE_NAME }}:${{ github.event.release.tag_name }}
- format: 'table'
- exit-code: '1'
- ignore-unfixed: true
- vuln-type: 'os,library'
- severity: 'CRITICAL,HIGH'
- skip-files: '/gems/ruby/3.2.0/gems/openid_connect-2.2.0/spec/mock_response/public_keys/private_key.pem'
+ #scan-image:
+ #needs: build-production
+ #runs-on: ubuntu-latest
+ #steps:
+ #- name: Run Trivy vulnerability scanner
+ #uses: aquasecurity/trivy-action@master
+ #with:
+ #image-ref: ghcr.io/mlibrary/${{ vars.IMAGE_NAME }}:${{ github.event.release.tag_name }}
+ #format: 'table'
+ #exit-code: '1'
+ #ignore-unfixed: true
+ #vuln-type: 'os,library'
+ #severity: 'CRITICAL,HIGH'
+ #skip-files: '/gems/ruby/3.2.0/gems/openid_connect-2.2.0/spec/mock_response/public_keys/private_key.pem'
 deploy-production:
 needs: build-production
diff --git a/.github/workflows/build-main.yml b/.github/workflows/build-main.yml
index 18642b5..b893fcd 100644
--- a/.github/workflows/build-main.yml
+++ b/.github/workflows/build-main.yml
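Review bot: The `scan-image` job in `build-deploy-on-release.yaml` is commented out with no explanation, so release images are no longer checked for CRITICAL/HIGH findings and nothing records why or when the scan should return; the hunks in `build-main.yml` and `manual-deploy-unstable.yaml` do the same. If the disablement is temporary, a line above the block such as `# TODO(<issue-id>): Trivy scan disabled because <reason>; re-enable once resolved` would keep it reviewable. When the job is restored, `aquasecurity/trivy-action@master` is a mutable ref and is better pinned to a full commit SHA. The visible `needs: build-production` on the deploy job also suggests the scan never gated the deploy, so `needs: [build-production, scan-image]` may be what was intended; the deploy job continues outside the hunk, so confirm against the full file.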
@@ -16,20 +16,20 @@ jobs:
 dockerfile: Dockerfile
 secrets: inherit
- scan-image:
- needs: build-unstable
- runs-on: ubuntu-latest
- steps:
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: ${{ needs.build-unstable.outputs.image }}
- format: 'table'
- exit-code: '1'
- ignore-unfixed: true
- vuln-type: 'os,library'
- severity: 'CRITICAL,HIGH'
- skip-files: '/gems/ruby/3.2.0/gems/openid_connect-2.2.0/spec/mock_response/public_keys/private_key.pem'
+ #scan-image:
+ #needs: build-unstable
+ #runs-on: ubuntu-latest
+ #steps:
+ #- name: Run Trivy vulnerability scanner
+ #uses: aquasecurity/trivy-action@master
+ #with:
+ #image-ref: ${{ needs.build-unstable.outputs.image }}
+ #format: 'table'
+ #exit-code: '1'
+ #ignore-unfixed: true
+ #vuln-type: 'os,library'
+ #severity: 'CRITICAL,HIGH'
+ #skip-files: '/gems/ruby/3.2.0/gems/openid_connect-2.2.0/spec/mock_response/public_keys/private_key.pem'
 deploy-testing:
 needs: build-unstable
diff --git a/.github/workflows/manual-deploy-unstable.yaml b/.github/workflows/manual-deploy-unstable.yaml
index a6d1004..c04f74e 100644
--- a/.github/workflows/manual-deploy-unstable.yaml
+++ b/.github/workflows/manual-deploy-unstable.yaml
@@ -25,20 +25,20 @@ jobs:
 dockerfile: Dockerfile
 secrets: inherit
- scan-image:
- needs: build-unstable
- runs-on: ubuntu-latest
- steps:
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: ${{ needs.build-unstable.outputs.image }}
- format: 'table'
- exit-code: '1'
- ignore-unfixed: true
- vuln-type: 'os,library'
- severity: 'CRITICAL,HIGH'
- skip-files: '/gems/ruby/3.2.0/gems/openid_connect-2.2.0/spec/mock_response/public_keys/private_key.pem'
+ #scan-image:
+ #needs: build-unstable
+ #runs-on: ubuntu-latest
+ #steps:
+ #- name: Run Trivy vulnerability scanner
+ #uses: aquasecurity/trivy-action@master
+ #with:
+ #image-ref: ${{ needs.build-unstable.outputs.image }}
+ #format: 'table'
+ #exit-code: '1'
+ #ignore-unfixed: true
+ #vuln-type: 'os,library'
+ #severity: 'CRITICAL,HIGH'
+ #skip-files: '/gems/ruby/3.2.0/gems/openid_connect-2.2.0/spec/mock_response/public_keys/private_key.pem'
 deploy:
 needs: build-unstable