From f6387ecc89e209264cb12a46086a76dad6a9c889 Mon Sep 17 00:00:00 2001 From: deusebio Date: Tue, 29 Oct 2024 15:32:52 +0100 Subject: [PATCH] [MISC] Enabling scanning for other images (#118) --- .github/workflows/build.yaml | 6 ++++++ .github/workflows/trivy.yml | 13 +++++++++++++ 2 files changed, 19 insertions(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 5202d6cf..06e6ea79 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -2,6 +2,10 @@ name: Build ROCK on: workflow_call: + inputs: + branch: + type: string + default: '' jobs: lint: @@ -27,6 +31,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + ref: ${{ inputs.branch }} - name: Setup LXD uses: canonical/setup-lxd@main diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 4c092f7d..1b9413c3 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -4,10 +4,19 @@ on: branches: - 3.4-22.04/edge - 3.5-22.04/edge + - 3.4-22.04/stable + - 3.5-22.04/stable pull_request: + workflow_call: + inputs: + branch: + type: string + default: '' jobs: build: uses: ./.github/workflows/build.yaml + with: + branch: ${{ inputs.branch }} scan: name: Trivy scan and sbom generation needs: build @@ -15,6 +24,9 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + with: + ref: ${{ inputs.branch }} + - name: Install rockcraft (for skopeo) run: | sudo snap install rockcraft --classic --edge @@ -48,6 +60,7 @@ jobs: if: always() with: sarif_file: 'trivy-results.sarif' + ref: ${{ inputs.branch }} - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph uses: aquasecurity/trivy-action@0.20.0