IT-3921: Rebuild container when Trivy code scan fails
brucehoff committed Oct 31, 2024
1 parent b473a3a commit 3df4546
Showing 2 changed files with 17 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/trivy.yml
Expand Up @@ -87,4 +87,7 @@ jobs:
with:
sarif_file: ${{ env.sarif_file_name }}
wait-for-processing: true

outputs:
trivy_conclusion: steps.trivy.outputs.conclusion
...
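Review bot: the new job output `trivy_conclusion: steps.trivy.outputs.conclusion` most likely evaluates to an empty string. `steps.<id>.outputs.<name>` only carries values a step writes to `GITHUB_OUTPUT`, and nothing in this hunk shows the `trivy` step emitting an output called `conclusion`; the step's result is exposed as the property `steps.trivy.conclusion` (after `continue-on-error` is applied) or `steps.trivy.outcome` (before it). Since the SARIF upload step in the context lines runs after the scan, the scan step presumably uses `continue-on-error: true` so that findings do not abort the job, in which case `conclusion` is always `success` and only `outcome` would ever be `failure`. Suggest `trivy_conclusion: ${{ steps.trivy.outcome }}`, and, if this file is consumed as a reusable workflow by the `periodic-scan` job in the second file, also declare the value under `on.workflow_call.outputs` so the caller's `needs.periodic-scan.outputs.trivy_conclusion` can see it, because job-level `outputs` alone are not visible across a `workflow_call` boundary.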
14 changes: 14 additions & 0 deletions .github/workflows/trivy_periodic_image_scan.yml
Expand Up @@ -32,4 +32,18 @@ jobs:
# While GitHub repo's can be mixed (upper and lower) case,
# Docker images can only be lower case
IMAGE_NAME: ${{ needs.to-lower-case.outputs.lowercase-repo-name }}
EXIT_CODE: 1

# If scan failed, rebuild the image
update-image:
needs: periodic-scan
runs-on: ubuntu-latest
if: ${{needs.periodic-scan.outputs.trivy_conclusion == 'failure' }}
# tag the repo to trigger a new build
steps:
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/[email protected]
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
...
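Review bot: the tag pushed by `mathieudutour/[email protected]` with `github_token: ${{ secrets.GITHUB_TOKEN }}` will not trigger the rebuild that the comment `# tag the repo to trigger a new build` relies on, because events created with the repository's `GITHUB_TOKEN` do not start new workflow runs (only `workflow_dispatch` and `repository_dispatch` are exempt). Either push the tag with a fine-grained PAT or GitHub App installation token, or have this job dispatch the build workflow directly. Two smaller points: the job declares no `permissions:` block, so with a read-only default token the tag push itself fails with a 403 (it needs `contents: write`), and the action is pinned to a mutable tag rather than a commit SHA, which is worth tightening for a job that holds a write-capable token. Finally, with `EXIT_CODE: 1` the scan fails on any finding, including ones with no fix available, so consider what stops this job from bumping a new version tag on every periodic run when a rebuild cannot clear the finding.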
