chore: update cicd packages

2026-04-30 21:54:11 +02:00
parent 2bf6716730
commit f607c77556
2 changed files with 18 additions and 20 deletions
+8 -10
@@ -8,7 +8,7 @@ on:
- version-* - version-*
schedule: schedule:
# Build the image regularly (each Friday) # Build the image regularly (each Friday)
- cron: '23 04 * * 5' - cron: "23 04 * * 5"
env: env:
REGISTRY: ghcr.io REGISTRY: ghcr.io
@@ -25,7 +25,7 @@ jobs:
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v2 uses: actions/checkout@v6
- name: Extract version for tags - name: Extract version for tags
run: | run: |
@@ -37,16 +37,14 @@ jobs:
- name: Install cosign - name: Install cosign
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@main uses: sigstore/cosign-installer@v4.1.1
with:
cosign-release: 'v2.2.2'
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1 uses: docker/setup-buildx-action@v4
- name: Login to registry - name: Login to registry
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
uses: docker/login-action@v1 uses: docker/login-action@v4
with: with:
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
@@ -54,7 +52,7 @@ jobs:
- name: Set Docker metadata - name: Set Docker metadata
id: meta id: meta
uses: docker/metadata-action@v3 uses: docker/metadata-action@v6
with: with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: | tags: |
@@ -64,7 +62,7 @@ jobs:
- name: Build and export Docker image to Docker - name: Build and export Docker image to Docker
id: build id: build
uses: docker/build-push-action@v2 uses: docker/build-push-action@v7
with: with:
load: true load: true
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:testing tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:testing
@@ -80,7 +78,7 @@ jobs:
- name: Push Docker image - name: Push Docker image
id: push id: push
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
uses: docker/build-push-action@v2 uses: docker/build-push-action@v7
with: with:
context: . context: .
push: true push: true
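Review bot: Removing `cosign-release: 'v2.2.2'` (the two lines dropped from the "Install cosign" step) means the signing step now gets whatever cosign version sigstore/cosign-installer@v4.1.1 installs by default, so the cosign version is presumably no longer fixed by this workflow; if reproducible signing matters, keep an explicit `cosign-release: "<cosign version>"` under that step's `with:`. Moving cosign-installer and trivy-action off `@main`/`@master` is a clear improvement, but every `uses:` in both workflows still points at a mutable tag (`actions/checkout@v6`, `docker/build-push-action@v7`, `aquasecurity/trivy-action@v0.36.0`, `github/codeql-action/upload-sarif@v3`), and a tag can be re-pointed at different code; the stronger supply-chain posture is the full commit SHA with the version kept in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v6`. The same point applies to the scan workflow section below. Each hunk cuts through the `steps:` list, so the remainder of the jobs is outside this view.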
+10 -10
@@ -3,7 +3,7 @@ name: scan
on: on:
schedule: schedule:
# Scan the image regularly (once a day) # Scan the image regularly (once a day)
- cron: '45 03 * * *' - cron: "45 03 * * *"
jobs: jobs:
build: build:
@@ -11,19 +11,19 @@ jobs:
runs-on: "ubuntu-24.04" runs-on: "ubuntu-24.04"
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v2 uses: actions/checkout@v6
- name: Run Trivy vulnerability scanner - name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master uses: aquasecurity/trivy-action@v0.36.0
with: with:
image-ref: 'ghcr.io/${{ github.actor }}/nextcloud' image-ref: "ghcr.io/${{ github.actor }}/nextcloud"
format: 'template' format: "template"
template: '@/contrib/sarif.tpl' template: "@/contrib/sarif.tpl"
output: 'trivy-results.sarif' output: "trivy-results.sarif"
severity: 'CRITICAL,HIGH' severity: "CRITICAL,HIGH"
vuln-type: "os" vuln-type: "os"
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1 uses: github/codeql-action/upload-sarif@v3
with: with:
sarif_file: 'trivy-results.sarif' sarif_file: "trivy-results.sarif"