Skip to content

Bump io.jsonwebtoken:jjwt-jackson from 0.12.5 to 0.12.6 #96

Bump io.jsonwebtoken:jjwt-jackson from 0.12.5 to 0.12.6

Bump io.jsonwebtoken:jjwt-jackson from 0.12.5 to 0.12.6 #96

name: build and scan PR container
on:
pull_request:
jobs:
build:
name: Build PR image
runs-on: ubuntu-22.04
permissions:
contents: read
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: create maven settings.xml
uses: s4u/[email protected]
with:
servers: |
[{
"id":"github-clearinghouse",
"username": "${{github.actor}}",
"password": "${{ secrets.GITHUB_TOKEN }}"
},
{
"id":"github-crypt4gh",
"username": "${{github.actor}}",
"password": "${{ secrets.GITHUB_TOKEN }}"
}]
- name: Copy settings.xml to project root
shell: bash
run: cp /home/runner/.m2/settings.xml ./settings.xml
- name: Log in to the Github Container registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build container
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
push: true
tags: |
ghcr.io/${{ github.repository }}:PR${{ github.event.number }}
ghcr.io/${{ github.repository }}:sha-${{ github.sha }}
labels: |
org.opencontainers.image.source=${{ github.event.repository.clone_url }}
org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
org.opencontainers.image.revision=${{ github.sha }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d
with:
image-ref: ghcr.io/${{ github.repository }}:sha-${{ github.sha }}
format: "sarif"
hide-progress: true
ignore-unfixed: true
output: 'trivy-results.sarif'
severity: "CRITICAL,HIGH"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'