[internal] fixes in CI, switch to werf v2 and go hooks #8

Workflow file for this run

.github/workflows/trivy_image_check.yaml at 8947620

	name: Trivy images check

	on:
	pull_request:
	types: [opened, reopened, labeled, synchronize]
	push:
	branches:
	- main
	workflow_dispatch:
	inputs:
	release_branch:
	description: 'release branch name, example: release-1.68'
	required: false

	jobs:
	build_dev:
	if: github.event_name == 'pull_request'
	uses: ./.github/workflows/build_dev.yml
	secrets: inherit
	cve_scan_on_pr:
	if: github.event_name == 'pull_request'
	name: Trivy images check
	runs-on: [self-hosted, regular]
	needs: [build_dev]
	steps:
	- uses: actions/checkout@v4
	- uses: deckhouse/modules-actions/cve_scan@main
	with:
	image: ${{ vars.DEV_MODULE_SOURCE }}/${{ vars.MODULE_NAME }}
	tag: pr${{ github.event.number }}
	module_name: ${{ vars.MODULE_NAME }}
	dd_url: ${{secrets.DEFECTDOJO_HOST}}
	dd_token: ${{secrets.DEFECTDOJO_API_TOKEN}}
	trivy_registry: ${{ vars.PROD_REGISTRY }}
	trivy_registry_user: ${{ vars.PROD_MODULES_REGISTRY_LOGIN }}
	trivy_registry_password: ${{ secrets.PROD_MODULES_READ_REGISTRY_PASSWORD }}
	deckhouse_private_repo: ${{secrets.DECKHOUSE_PRIVATE_REPO}}
	cve_scan:
	if: github.event_name != 'pull_request'
	name: Trivy images check
	runs-on: [self-hosted, regular]
	steps:
	- uses: actions/checkout@v4
	- name: Sets env vars for manual run
	run: \|
	echo "MODULE_IMAGE_TAG=${{ github.event.inputs.release_branch \|\| 'main' }}" >> $GITHUB_ENV
	if: github.event_name != 'workflow_dispatch'
	- uses: deckhouse/modules-actions/cve_scan@main
	with:
	image: ${{ vars.DEV_MODULE_SOURCE }}/${{ vars.MODULE_NAME }}
	tag: ${{ env.MODULE_IMAGE_TAG \|\| 'main' }}
	module_name: ${{ vars.MODULE_NAME }}
	dd_url: ${{secrets.DEFECTDOJO_HOST}}
	dd_token: ${{secrets.DEFECTDOJO_API_TOKEN}}
	trivy_registry: ${{ vars.PROD_REGISTRY }}
	trivy_registry_user: ${{ vars.PROD_MODULES_REGISTRY_LOGIN }}
	trivy_registry_password: ${{ secrets.PROD_MODULES_READ_REGISTRY_PASSWORD }}
	deckhouse_private_repo: ${{secrets.DECKHOUSE_PRIVATE_REPO}}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[internal] fixes in CI, switch to werf v2 and go hooks #8

Workflow file

[internal] fixes in CI, switch to werf v2 and go hooks #8

Jobs

Run details

Workflow file for this run