1.0.59 Update Github Workflows

webpwnized · Jan 1, 2024 · 81e289e · 81e289e
1 parent 5e00a67
commit 81e289e
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 5 deletions.
diff --git a/.github/workflows/build-and-push-to-dockerhub.yml b/.github/workflows/build-and-push-to-dockerhub.yml
@@ -18,6 +18,13 @@ env:
 jobs:
   docker:
     runs-on: ubuntu-latest
+
+    # Define permissions for specific actions
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
     steps:
       # Step 1: Prepare the runner and check out the codebase.
       - name: Check out the codebase

diff --git a/.github/workflows/scan-dockerfiles-with-hadolint.yml b/.github/workflows/scan-dockerfiles-with-hadolint.yml
@@ -39,10 +39,7 @@ jobs:
 
       - name: Run Hadolint Scan with SARIF result
         uses: hadolint/[email protected]
-        with:
-          path: .
-          # Specify the directory to scan (in this case, the root directory).
-
+        with:   
           dockerfile: Dockerfile
           # Specify the name of the Dockerfile to be scanned.
 

diff --git a/.github/workflows/scan-dockerfiles-with-trivy.yml b/.github/workflows/scan-dockerfiles-with-trivy.yml
@@ -1,14 +1,24 @@
 name: scan-dockerfiles-with-trivy
+
 on:
   push:
     branches:
       - development
       - main
   pull_request:
+
 jobs:
   build:
     name: Run Trivy on Dockerfile
+
     runs-on: ubuntu-latest
+
+    # Define permissions for specific actions
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -20,11 +30,12 @@ jobs:
           hide-progress: false
           format: 'sarif'
           output: 'dockerfile-trivy-scan-results.sarif'
-          exit-code: '1'
+          exit-code: '0'
           ignore-unfixed: true
           severity: 'CRITICAL,HIGH,MEDIUM'
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v2
+        if: always()
         with:
           sarif_file: 'dockerfile-trivy-scan-results.sarif'
diff --git a/scripts/push-development-branch.sh b/scripts/push-development-branch.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+if (( $# != 2 ))
+then
+    printf "%b" "Usage: git.sh <version> <annotation>\n" >&2;
+    exit 1;
+fi;
+
+VERSION=$1;
+ANNOTATION=$2;
+
+echo "Calling git.sh with tag $VERSION with annotation \"$ANNOTATION\"";
+./git.sh "$VERSION" "$ANNOTATION";
+
+echo "Checking out main branch";
+git checkout main;
+
+echo "Merging development branch";
+git merge development;
+
+echo "Calling git.sh with tag $VERSION with annotation \"$ANNOTATION\"";
+./git.sh "$VERSION" "$ANNOTATION";
+
+echo "Checking out development branch";
+git checkout development;
+
+git status;