Bump aquasecurity/trivy-action from 0.24.0 to 0.25.0 (#510) #1277

Workflow file for this run

	name: build

	on:
	push:
	branches: [ main ]
	paths-ignore:
	- '*/.gitattributes'
	- '*/.gitignore'
	- '*/.md'
	pull_request:
	branches:
	- main
	- dotnet-vnext
	- dotnet-nightly
	workflow_dispatch:

	permissions:
	contents: read

	env:
	DOTNET_CLI_TELEMETRY_OPTOUT: true
	DOTNET_GENERATE_ASPNET_CERTIFICATE: false
	DOTNET_NOLOGO: true
	DOTNET_SYSTEM_CONSOLE_ALLOW_ANSI_COLOR_REDIRECTION: 1
	NUGET_XMLDOC_MODE: skip
	TERM: xterm

	jobs:
	build:
	name: ${{ matrix.os }}
	runs-on: ${{ matrix.os }}

	env:
	PUBLISH_CONTAINER: ${{ github.event.repository.fork == false && github.ref_name == github.event.repository.default_branch && matrix.os == 'ubuntu-latest' && vars.CONTAINER_REGISTRY != '' }}

	outputs:
	container-tag: ${{ steps.publish-container.outputs.container-tag }}

	permissions:
	attestations: write
	contents: read
	id-token: write

	strategy:
	fail-fast: false
	matrix:
	os: [ macos-latest, ubuntu-latest, windows-latest ]

	steps:

	- name: Checkout code
	uses: actions/checkout@v4

	- name: Setup .NET SDK
	uses: actions/setup-dotnet@v4

	- name: Build, test and publish
	shell: pwsh
	run: ./build.ps1

	- name: Docker log in
	uses: docker/login-action@v3
	if: env.PUBLISH_CONTAINER == 'true'
	with:
	registry: ${{ vars.CONTAINER_REGISTRY }}
	username: ${{ secrets.ACR_REGISTRY_USERNAME }}
	password: ${{ secrets.ACR_REGISTRY_PASSWORD }}

	- name: Publish container
	id: publish-container
	if: runner.os == 'Linux'
	shell: pwsh
	env:
	ContainerRegistry: ${{ env.PUBLISH_CONTAINER == 'true' && vars.CONTAINER_REGISTRY \|\| '' }}
	run: \|
	dotnet publish ./src/SignInWithApple --arch x64 --os linux -p:PublishProfile=DefaultContainer

	- name: Attest container image
	uses: actions/attest-build-provenance@v1
	if: steps.publish-container.outputs.container-digest != ''
	with:
	push-to-registry: true
	subject-digest: ${{ steps.publish-container.outputs.container-digest }}
	subject-name: ${{ steps.publish-container.outputs.container-image }}

	deploy:
	if: github.event.repository.fork == false && github.ref_name == github.event.repository.default_branch
	name: deploy-production
	needs: build
	runs-on: ubuntu-latest
	concurrency: production_environment

	environment:
	name: production
	url: ${{ vars.APPLICATION_URL }}

	permissions:
	id-token: write

	steps:

	- name: Azure log in
	uses: azure/login@v2
	with:
	client-id: ${{ secrets.AZURE_CLIENT_ID }}
	tenant-id: ${{ secrets.AZURE_TENANT_ID }}
	subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

	- name: Deploy container to Azure App Service
	uses: azure/webapps-deploy@v3
	id: deploy_production
	with:
	app-name: ${{ vars.AZURE_WEBAPP_NAME }}
	images: ${{ needs.build.outputs.container-tag }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump aquasecurity/trivy-action from 0.24.0 to 0.25.0 (#510) #1277

Workflow file

Bump aquasecurity/trivy-action from 0.24.0 to 0.25.0 (#510) #1277

Jobs

Run details

Workflow file for this run