Workflow adjustments:

- Paths ignore for all docker build - Remove security workflow (CVEs should be fixed by Alpine)
2020-05-29 10:20:45 +00:00
parent 3f6d3d7c2a
commit c85cca7fdc
5 changed files with 58 additions and 53 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -2,6 +2,28 @@ name: Docker build
 on:
  pull_request:
    branches: [master]
+    paths-ignore:
+      - .devcontainer
+      - .github/ISSUE_TEMPLATE
+      - .github/workflows/buildx-release.yml
+      - .github/workflows/buildx-branch.yml
+      - .github/workflows/buildx-latest.yml
+      - .github/workflows/dockerhub-description.yml
+      - .github/workflows/labels.yml
+      - .github/workflows/misspell.yml
+      - .github/CODEOWNERS
+      - .github/CONTRIBUTING.md
+      - .github/FUNDING.yml
+      - .github/labels.yml
+      - .vscode
+      - cmd/ovpnparser
+      - cmd/resolver
+      - doc
+      - .gitignore
+      - docker-compose.yml
+      - LICENSE
+      - README.md
+      - title.svg
 jobs:
  build:
    runs-on: ubuntu-latest
--- a/.github/workflows/buildx-branch.yml
+++ b/.github/workflows/buildx-branch.yml
@@ -6,13 +6,22 @@ on:
      - '*/*'
      - '!master'
    paths-ignore:
+      - .devcontainer
+      - .github/ISSUE_TEMPLATE
+      - .github/workflows/build.yml
      - .github/workflows/buildx-release.yml
+      - .github/workflows/buildx-latest.yml
      - .github/workflows/dockerhub-description.yml
-      - .github/workflows/greetings.yml
      - .github/workflows/labels.yml
      - .github/workflows/misspell.yml
-      - .github/workflows/security.yml
-      - .dockerignore
+      - .github/CODEOWNERS
+      - .github/CONTRIBUTING.md
+      - .github/FUNDING.yml
+      - .github/labels.yml
+      - .vscode
+      - cmd/ovpnparser
+      - cmd/resolver
+      - doc
      - .gitignore
      - docker-compose.yml
      - LICENSE
--- a/.github/workflows/buildx-latest.yml
+++ b/.github/workflows/buildx-latest.yml
@@ -3,13 +3,22 @@ on:
  push:
    branches: [master]
    paths-ignore:
+      - .devcontainer
+      - .github/ISSUE_TEMPLATE
+      - .github/workflows/build.yml
+      - .github/workflows/buildx-branch.yml
      - .github/workflows/buildx-release.yml
      - .github/workflows/dockerhub-description.yml
-      - .github/workflows/greetings.yml
      - .github/workflows/labels.yml
      - .github/workflows/misspell.yml
-      - .github/workflows/security.yml
-      - .dockerignore
+      - .github/CODEOWNERS
+      - .github/CONTRIBUTING.md
+      - .github/FUNDING.yml
+      - .github/labels.yml
+      - .vscode
+      - cmd/ovpnparser
+      - cmd/resolver
+      - doc
      - .gitignore
      - docker-compose.yml
      - LICENSE
--- a/.github/workflows/buildx-release.yml
+++ b/.github/workflows/buildx-release.yml
@@ -3,13 +3,22 @@ on:
  release:
    types: [published]
    paths-ignore:
+      - .devcontainer
+      - .github/ISSUE_TEMPLATE
+      - .github/workflows/build.yml
+      - .github/workflows/buildx-branch.yml
      - .github/workflows/buildx-latest.yml
      - .github/workflows/dockerhub-description.yml
-      - .github/workflows/greetings.yml
      - .github/workflows/labels.yml
      - .github/workflows/misspell.yml
-      - .github/workflows/security.yml
-      - .dockerignore
+      - .github/CODEOWNERS
+      - .github/CONTRIBUTING.md
+      - .github/FUNDING.yml
+      - .github/labels.yml
+      - .vscode
+      - cmd/ovpnparser
+      - cmd/resolver
+      - doc
      - .gitignore
      - docker-compose.yml
      - LICENSE
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -1,44 +0,0 @@
-name: Security scan of Docker image
-on:
-  push:
-    branches: [master]
-    paths-ignore:
-      - .github/workflows/buildx-release.yml
-      - .github/workflows/dockerhub-description.yml
-      - .github/workflows/greetings.yml
-      - .github/workflows/labels.yml
-      - .github/workflows/misspell.yml
-      - .github/workflows/security.yml
-      - .dockerignore
-      - .gitignore
-      - docker-compose.yml
-      - LICENSE
-      - README.md
-      - title.svg
-  schedule:
-    - cron: '0 9 * * *'
-jobs:
-  security-analysis:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Check for scratch
-        id: scratchCheck
-        run: echo ::set-output name=scratch::$(cat Dockerfile | grep 'FROM scratch')
-      - name: Build image
-        if: steps.scratchCheck.outputs.scratch == ''
-        run: docker build -t image .
-      - name: Phonito
-        if: steps.scratchCheck.outputs.scratch == ''
-        uses: phonito/phonito-scanner-action@master
-        with:
-          image: image
-          fail-level: LOW
-          phonito-token: ${{ secrets.PHONITO_TOKEN }}
-      - name: Trivy
-        if: steps.scratchCheck.outputs.scratch == ''
-        uses: homoluctus/gitrivy@v1.0.0
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          image: image