chore(deps): bump docker/build-push-action from 5 to 6 #196
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build for development | |
| on: | |
| push: | |
| branches: [ 'feature/**', 'dependabot/**' ] | |
| pull_request_target: | |
| branches: [ develop, main ] | |
| types: [ ready_for_review, closed ] | |
| jobs: | |
| test_and_scan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Node 20 | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'npm' | |
| - name: Install | |
| run: npm install | |
| - name: Run Linter | |
| run: npm run lint | |
| - name: Run frontend unit tests | |
| run: npm run test-ci | |
| env: | |
| NODE_OPTIONS: --max_old_space_size=4096 | |
| - name: Upload test report | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: test-report | |
| path: ./reports/junit/ | |
| - name: Run CVE scan with audit | |
| run: npm audit --audit-level=critical | |
| - name: Run Trivy vulnerability scanner in repo mode | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| ignore-unfixed: true | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| registry: | |
| needs: test_and_scan | |
| if: github.event.pull_request.merged == true | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Node 20 | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'npm' | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| push: true | |
| tags: ghcr.io/num-forschungsdatenplattform/num-portal-webapp:develop | |