build(deps): bump postgres from 16.4-alpine to 17.2-alpine in /kubernetes/postgres #3836
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker Image CI | |
on: | |
push: | |
branches: | |
- master | |
paths: | |
- "kubernetes/**" | |
- "!kubernetes/bin/**" | |
- "!kubernetes/**/*.md" | |
- ".github/workflows/docker-image-ci.yml" | |
pull_request: | |
paths: | |
- "kubernetes/**" | |
- "!kubernetes/bin/**" | |
- "!kubernetes/**/*.md" | |
- ".github/workflows/docker-image-ci.yml" | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out Git repository | |
uses: actions/[email protected] | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
- name: Cache Docker layers | |
uses: actions/[email protected] | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ github.ref }}-${{ github.sha }} | |
restore-keys: | | |
${{ github.ref }}-${{ github.sha }} | |
${{ github.ref }} | |
refs/head/main | |
- name: setup docker args | |
env: | |
TZ: "Asia/Tokyo" | |
run: | | |
echo "BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")" >> $GITHUB_ENV | |
echo "VCS_REF=$(echo ${GITHUB_SHA} | cut -c1-8)" >> $GITHUB_ENV | |
- name: setup docker push actions | |
run: | | |
if [[ github.event_name == 'push' ]]; then | |
echo "PUSH=true" >> $GITHUB_ENV | |
else | |
echo "PUSH=false" >> $GITHUB_ENV | |
fi | |
- name: docker login | |
if: github.event_name == 'push' | |
env: | |
DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }} | |
DOCKERHUB_PASS: ${{ secrets.DOCKERHUB_PASS }} | |
run: docker login -u $DOCKERHUB_USER -p $DOCKERHUB_PASS | |
- name: Build and push - nginx | |
uses: docker/[email protected] | |
with: | |
context: ./kubernetes/nginx | |
push: ${{ env.PUSH }} | |
tags: ${{ secrets.DOCKERHUB_USER }}/nginx:latest | |
build-args: | | |
VCS_REF=${VCS_REF} | |
BUILD_DATE=${BUILD_DATE} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
- name: Run Snyk to check Docker image for vulnerabilities - nginx | |
continue-on-error: true | |
uses: snyk/actions/docker@cdb760004ba9ea4d525f2e043745dfe85bb9077e | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: ${{ secrets.DOCKERHUB_USER }}/nginx | |
args: --severity-threshold=critical --file=kubernetes/nginx/Dockerfile | |
- name: rename sarif file | |
run: mv snyk.sarif nginx.sarif | |
- name: Build and push - mysql | |
uses: docker/[email protected] | |
with: | |
context: ./kubernetes/mysql | |
push: ${{ env.PUSH }} | |
tags: ${{ secrets.DOCKERHUB_USER }}/mysql:latest | |
build-args: | | |
VCS_REF=${VCS_REF} | |
BUILD_DATE=${BUILD_DATE} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
- name: Run Snyk to check Docker image for vulnerabilities - mysql | |
continue-on-error: true | |
uses: snyk/actions/docker@cdb760004ba9ea4d525f2e043745dfe85bb9077e | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: ${{ secrets.DOCKERHUB_USER }}/mysql | |
args: --severity-threshold=critical --file=kubernetes/mysql/Dockerfile | |
- name: rename sarif file | |
run: mv snyk.sarif mysql.sarif | |
- name: Build and push - postgres | |
uses: docker/[email protected] | |
with: | |
context: ./kubernetes/postgres | |
push: ${{ env.PUSH }} | |
tags: ${{ secrets.DOCKERHUB_USER }}/postgres:latest | |
build-args: | | |
VCS_REF=${VCS_REF} | |
BUILD_DATE=${BUILD_DATE} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
- name: Run Snyk to check Docker image for vulnerabilities - postgres | |
continue-on-error: true | |
uses: snyk/actions/docker@cdb760004ba9ea4d525f2e043745dfe85bb9077e | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: ${{ secrets.DOCKERHUB_USER }}/postgres | |
args: --severity-threshold=critical --file=kubernetes/postgres/Dockerfile | |
- name: rename sarif file | |
run: mv snyk.sarif postgres.sarif | |
- name: Build and push - mongodb | |
uses: docker/[email protected] | |
with: | |
context: ./kubernetes/mongodb | |
push: ${{ env.PUSH }} | |
tags: ${{ secrets.DOCKERHUB_USER }}/mongodb:latest | |
build-args: | | |
VCS_REF=${VCS_REF} | |
BUILD_DATE=${BUILD_DATE} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
- name: Run Snyk to check Docker image for vulnerabilities - mongodb | |
continue-on-error: true | |
uses: snyk/actions/docker@cdb760004ba9ea4d525f2e043745dfe85bb9077e | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: ${{ secrets.DOCKERHUB_USER }}/mongodb | |
args: --severity-threshold=critical --file=kubernetes/mongodb/Dockerfile | |
- name: rename sarif file | |
run: mv snyk.sarif mongodb.sarif | |
- name: Build and push - cassandra | |
uses: docker/[email protected] | |
with: | |
context: ./kubernetes/cassandra | |
push: ${{ env.PUSH }} | |
tags: ${{ secrets.DOCKERHUB_USER }}/cassandra:latest | |
build-args: | | |
VCS_REF=${VCS_REF} | |
BUILD_DATE=${BUILD_DATE} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
- name: Run Snyk to check Docker image for vulnerabilities - cassandra | |
continue-on-error: true | |
uses: snyk/actions/docker@cdb760004ba9ea4d525f2e043745dfe85bb9077e | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: ${{ secrets.DOCKERHUB_USER }}/cassandra | |
args: --severity-threshold=critical --file=kubernetes/cassandra/Dockerfile | |
- name: rename sarif file | |
run: mv snyk.sarif cassandra.sarif | |
- name: Build and push - rabbitmq | |
uses: docker/[email protected] | |
with: | |
context: ./kubernetes/rabbitmq | |
push: ${{ env.PUSH }} | |
tags: ${{ secrets.DOCKERHUB_USER }}/rabbitmq:latest | |
build-args: | | |
VCS_REF=${VCS_REF} | |
BUILD_DATE=${BUILD_DATE} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
- name: Run Snyk to check Docker image for vulnerabilities - rabbitmq | |
continue-on-error: true | |
uses: snyk/actions/docker@cdb760004ba9ea4d525f2e043745dfe85bb9077e | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: ${{ secrets.DOCKERHUB_USER }}/rabbitmq | |
args: --severity-threshold=critical --file=kubernetes/rabbitmq/Dockerfile | |
- name: rename sarif file | |
run: mv snyk.sarif rabbitmq.sarif | |
- name: Build and push - jenkins | |
uses: docker/[email protected] | |
with: | |
context: ./kubernetes/monitoring/jenkins | |
push: ${{ env.PUSH }} | |
tags: ${{ secrets.DOCKERHUB_USER }}/jenkins:latest | |
build-args: | | |
VCS_REF=${VCS_REF} | |
BUILD_DATE=${BUILD_DATE} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
- name: Build and push - ab | |
uses: docker/[email protected] | |
with: | |
context: ./kubernetes/monitoring/test/ab | |
push: ${{ env.PUSH }} | |
tags: ${{ secrets.DOCKERHUB_USER }}/ab:latest | |
build-args: | | |
VCS_REF=${VCS_REF} | |
BUILD_DATE=${BUILD_DATE} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
- name: Run Snyk to check Docker image for vulnerabilities - ab | |
continue-on-error: true | |
uses: snyk/actions/docker@cdb760004ba9ea4d525f2e043745dfe85bb9077e | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: ${{ secrets.DOCKERHUB_USER }}/ab | |
args: --severity-threshold=critical --file=kubernetes/monitoring/test/ab/Dockerfile | |
- name: rename sarif file | |
run: mv snyk.sarif ab.sarif | |
- name: Build and push - postmannewman-quarkus | |
uses: docker/[email protected] | |
with: | |
context: ./kubernetes/monitoring/test/postmannewman/quarkus | |
push: ${{ env.PUSH }} | |
tags: ${{ secrets.DOCKERHUB_USER }}/postmannewman-quarkus:latest | |
build-args: | | |
VCS_REF=${VCS_REF} | |
BUILD_DATE=${BUILD_DATE} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
- name: Run Snyk to check Docker image for vulnerabilities - postmannewman-quarkus | |
continue-on-error: true | |
uses: snyk/actions/docker@cdb760004ba9ea4d525f2e043745dfe85bb9077e | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: ${{ secrets.DOCKERHUB_USER }}/postmannewman-quarkus | |
args: --severity-threshold=critical --file=kubernetes/monitoring/test/postmannewman/quarkus/Dockerfile | |
- name: rename sarif file | |
run: mv snyk.sarif postmannewman-quarkus.sarif | |
- name: Upload result to GitHub Code Scanning - postmannewman-quarkus | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: ./ |