Fail on failing CVE scan
WyriHaximus committed Feb 20, 2021
1 parent b2e2e44 commit dc378e3
Showing 2 changed files with 11 additions and 5 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/ci.yml
Expand Up @@ -21,7 +21,7 @@ jobs:
name: Generate Alpine
shell: bash
run: |
echo "::set-output name=versions::[\"3.12\", \"3.11\", \"3.10\"]"
echo "::set-output name=versions::[\"3.13\", \"3.12\"]"
supported-nginx-versions:
name: Supported nginx versions
runs-on: ubuntu-latest
Expand All @@ -43,7 +43,7 @@ jobs:
name: Generate PHP
shell: bash
run: |
echo "::set-output name=versions::[\"7.4\", \"7.3\", \"7.2\"]"
echo "::set-output name=versions::[\"7.4\", \"7.3\"]"
php-type-matrix:
name: PHP Type Matrix
runs-on: ubuntu-latest
Expand Down Expand Up @@ -204,7 +204,7 @@ jobs:
path: ./tmp
- run: docker load --input ./tmp/image*.tar
- run: mkdir -p "./clair/${DOCKER_IMAGE}"
- run: make scan-vulnerability
- run: make ci-scan-vulnerability
scan-vulnerability-http:
name: Scan nginx ${{ matrix.nginx }} for vulnerabilities
needs:
Expand Down Expand Up @@ -233,7 +233,7 @@ jobs:
shell: bash
- run: mkdir -p "./clair/${DOCKER_IMAGE}"
shell: bash
- run: make scan-vulnerability
- run: make ci-scan-vulnerability
shell: bash
scan-vulnerability-prometheus-exporter-file:
name: Scan HTTP prometheus-exporter-file for vulnerabilities
Expand All @@ -258,7 +258,7 @@ jobs:
path: ./tmp
- run: docker load --input ./tmp/image*.tar
- run: mkdir -p "./clair/${DOCKER_IMAGE}"
- run: make scan-vulnerability
- run: make ci-scan-vulnerability
test-php:
name: Functionaly test PHP ${{ matrix.php }} for ${{ matrix.type }} on Alpine ${{ matrix.alpine }}
needs:
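Review bot: The Generate Alpine and Generate PHP steps still publish the version matrix through the `::set-output` workflow command; that was the documented mechanism when this was committed (Feb 2021), but GitHub has since deprecated it in favor of appending to `$GITHUB_OUTPUT`, so these lines will need the shape `echo 'versions=["3.13", "3.12"]' >> "$GITHUB_OUTPUT"` (likewise for the PHP list) before the command stops working. Keeping each version quoted as a JSON string is right and worth preserving: an unquoted `3.10` would be read as the number 3.1 wherever the matrix is consumed. The three `make ci-scan-vulnerability` steps now gate their jobs on the scan result, but nothing in the workflow says so; a comment above each such as `# ci-scan-vulnerability has no '|| echo' fallback: any clair-scanner finding fails this job` would make the intent visible to someone reading only this file.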
6 changes: 6 additions & 0 deletions Makefile
Expand Up @@ -110,3 +110,9 @@ scan-vulnerability:
mkdir -p ./tmp/clair/usabillabv
cat ./tmp/build-*.tags | xargs -I % sh -c 'clair-scanner --ip 172.17.0.1 -r "./tmp/clair/%.json" -l ./tmp/clair/clair.log % || echo "% is vulnerable"'
docker-compose -f test/security/docker-compose.yml -p clair-ci down

ci-scan-vulnerability:
docker-compose -f test/security/docker-compose.yml -p clair-ci up -d
RETRIES=0 && while ! wget -T 10 -q -O /dev/null http://localhost:6060/v1/namespaces ; do sleep 1 ; echo -n "." ; if [ $${RETRIES} -eq 10 ] ; then echo " Timeout, aborting." ; exit 1 ; fi ; RETRIES=$$(($${RETRIES}+1)) ; done
mkdir -p ./tmp/clair/usabillabv
cat ./tmp/build-*.tags | xargs -I % sh -c 'clair-scanner --ip 172.17.0.1 -r "./tmp/clair/%.json" -l ./tmp/clair/clair.log %'
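Review bot: The new `ci-scan-vulnerability` recipe fails the build on any clair-scanner finding, but a scan in which Clair found no features to analyze still exits 0 and passes the gate with an empty report, so an incomplete analysis is indistinguishable from a clean image; if the clair-scanner version in use supports it, add `--exit-when-no-features` to the invocation on the last line so that case fails too, and pair it with a checked-in whitelist (`-w`) so the gate stays actionable when a base image carries a CVE with no fix available. The recipe also drops the `docker-compose … down` teardown that the non-CI `scan-vulnerability` target ends with, so a failing scan leaves the Clair stack running on any non-ephemeral runner; since make runs each recipe line in its own shell, the cleanup and exit code have to share the line, e.g. `cat ./tmp/build-*.tags | xargs -I % sh -c '…' ; STATUS=$$? ; docker-compose -f test/security/docker-compose.yml -p clair-ci down ; exit $$STATUS`. The readiness loop only checks that Clair's API answers on port 6060, not that its vulnerability database is populated — if the compose stack does not use a pre-populated DB image, a brief comment noting that assumption above the loop would help the next person who sees a suspiciously green scan.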
