Skip to content

Bump aquasecurity/trivy-action from 0.25.0 to 0.26.0 (#514) #1289

Bump aquasecurity/trivy-action from 0.25.0 to 0.26.0 (#514)

Bump aquasecurity/trivy-action from 0.25.0 to 0.26.0 (#514) #1289

Workflow file for this run

name: build
on:
push:
branches: [ main ]
paths-ignore:
- '**/*.gitattributes'
- '**/*.gitignore'
- '**/*.md'
pull_request:
branches:
- main
- dotnet-vnext
- dotnet-nightly
workflow_dispatch:
permissions:
contents: read
env:
DOTNET_CLI_TELEMETRY_OPTOUT: true
DOTNET_GENERATE_ASPNET_CERTIFICATE: false
DOTNET_NOLOGO: true
DOTNET_SYSTEM_CONSOLE_ALLOW_ANSI_COLOR_REDIRECTION: 1
NUGET_XMLDOC_MODE: skip
TERM: xterm
jobs:
build:
name: ${{ matrix.os }}
runs-on: ${{ matrix.os }}
env:
PUBLISH_CONTAINER: ${{ github.event.repository.fork == false && github.ref_name == github.event.repository.default_branch && matrix.os == 'ubuntu-latest' && vars.CONTAINER_REGISTRY != '' }}
outputs:
container-tag: ${{ steps.publish-container.outputs.container-tag }}
permissions:
attestations: write
contents: read
id-token: write
strategy:
fail-fast: false
matrix:
os: [ macos-latest, ubuntu-latest, windows-latest ]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup .NET SDK
uses: actions/setup-dotnet@v4
- name: Build, test and publish
shell: pwsh
run: ./build.ps1
- name: Docker log in
uses: docker/login-action@v3
if: env.PUBLISH_CONTAINER == 'true'
with:
registry: ${{ vars.CONTAINER_REGISTRY }}
username: ${{ secrets.ACR_REGISTRY_USERNAME }}
password: ${{ secrets.ACR_REGISTRY_PASSWORD }}
- name: Publish container
id: publish-container
if: runner.os == 'Linux'
shell: pwsh
env:
ContainerRegistry: ${{ env.PUBLISH_CONTAINER == 'true' && vars.CONTAINER_REGISTRY || '' }}
run: |
dotnet publish ./src/SignInWithApple --arch x64 --os linux -p:PublishProfile=DefaultContainer
- name: Attest container image
uses: actions/attest-build-provenance@v1
if: steps.publish-container.outputs.container-digest != ''
with:
push-to-registry: true
subject-digest: ${{ steps.publish-container.outputs.container-digest }}
subject-name: ${{ steps.publish-container.outputs.container-image }}
deploy:
if: github.event.repository.fork == false && github.ref_name == github.event.repository.default_branch
name: deploy-production
needs: build
runs-on: ubuntu-latest
concurrency: production_environment
environment:
name: production
url: ${{ vars.APPLICATION_URL }}
permissions:
id-token: write
steps:
- name: Azure log in
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Deploy container to Azure App Service
uses: azure/webapps-deploy@v3
id: deploy_production
with:
app-name: ${{ vars.AZURE_WEBAPP_NAME }}
images: ${{ needs.build.outputs.container-tag }}