disabled supervisor nodaemon #375
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Build and Test Docker Image | |
| on: | |
| push: | |
| branches-ignore: latest | |
| paths: | |
| - '.github/workflows/build-and-test.yml' | |
| - 'Dockerfile' | |
| - 'bin/**' | |
| - 'lib/**' | |
| - 'src/**' | |
| - 'etc/**' | |
| - 'tests/**' | |
| - 'Makefile' | |
| - 'Makefile.variables' | |
| jobs: | |
| build: | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Run Development Pipeline | |
| run: make dev-pipeline | |
| working-directory: . | |
| env: | |
| AZURE_CREDS: ${{ secrets.AZURE_CREDS }} | |
| - name: Install Trivy | |
| run: | | |
| curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | \ | |
| sudo sh -s -- -b /usr/local/bin | |
| - name: Trivy Vulnerability Scanning | |
| run: | | |
| export TRIVY_DISABLE_VEX_NOTICE=true | |
| # Disable exit on error for the retry logic | |
| set +e | |
| # Retry logic for Trivy | |
| max_retries=5 | |
| attempt=1 | |
| success=false | |
| while [ $attempt -le $max_retries ]; do | |
| echo "Running Trivy scan, attempt $attempt..." | |
| # Run the Trivy scan and capture the exit status | |
| trivy image --severity CRITICAL --exit-code 1 --quiet \ | |
| usabilitydynamics/udx-worker:latest | tee trivy.log | grep -v 'INFO' | |
| scan_exit_code=$? | |
| # Check if CRITICAL vulnerabilities were detected | |
| if grep -E "Total: [1-9]" trivy.log; then | |
| echo "CRITICAL vulnerabilities detected! Exiting." | |
| exit 1 | |
| fi | |
| # Handle a successful scan (no critical vulnerabilities found) | |
| if [ $scan_exit_code -eq 0 ]; then | |
| echo "No CRITICAL vulnerabilities found." | |
| success=true | |
| break | |
| else | |
| echo "Trivy scan encountered an error, retrying in 2 minutes..." | |
| sleep 120 | |
| attempt=$((attempt+1)) | |
| fi | |
| done | |
| # Exit if all retries fail without a successful scan | |
| if [ "$success" = false ]; then | |
| echo "Failed to complete Trivy scan after $max_retries attempts." | |
| exit 1 | |
| fi | |
| - name: Trivy SBOM Generation | |
| run: | | |
| export TRIVY_DISABLE_VEX_NOTICE=true | |
| trivy image --format spdx-json --output sbom.json usabilitydynamics/udx-worker:latest 2>/dev/null | |
| echo "SBOM Top Packages Summary:" | |
| echo "| Package Name | Version |" | |
| echo "|-------------------|-----------|" | |
| jq -r '.packages[] | select(.versionInfo != null) | "\(.name) | \(.versionInfo)"' sbom.json | sort | uniq | head -n 20 | column -t -s '|' | |
| - name: Upload SBOM Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: sbom | |
| path: sbom.json |