Skip to content

Downgrade NuGet.Protocol on EdFi.Ods.AdminApi.DBTests.csproj (#180) #137

Downgrade NuGet.Protocol on EdFi.Ods.AdminApi.DBTests.csproj (#180)

Downgrade NuGet.Protocol on EdFi.Ods.AdminApi.DBTests.csproj (#180) #137

# SPDX-License-Identifier: Apache-2.0
# Licensed to the Ed-Fi Alliance under one or more agreements.
# The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
# See the LICENSE and NOTICES files in the project root for more information.
name: On Pull Request - Dockerfile
on:
push:
branches:
- main
pull_request:
branches:
- main
paths:
- ".github/workflows/on-pullrequest-dockerfile.yml"
- "Docker/*"
workflow_dispatch:
env:
DOCKER_USERNAME: ${{ vars.DOCKER_USERNAME }}
DOCKER_HUB_TOKEN: ${{ secrets.DOCKER_HUB_TOKEN }}
permissions: read-all
jobs:
docker-analysis:
runs-on: ubuntu-latest
permissions:
security-events: write
pull-requests: write
strategy:
fail-fast: false
matrix:
dockerfile:
[
{ name: "api-database", path: "Docker/Settings/DB-Admin/pgsql/Dockerfile", type: "published" },
{ name: "postgres", path: "Docker/api.mssql.Dockerfile", type: "published" },
{ name: "database", path: "Docker/dbadmin.Dockerfile", type: "local" },
{ name: "development", path: "Docker/dev.pgsql.Dockerfile", type: "local" },
]
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Copy application folder to docker context
if: ${{ matrix.dockerfile.type == 'local' }}
run: |
mkdir Docker/Application
cp -r ./Application/EdFi.Ods.AdminApi ./Docker/Application
cp ./Application/NuGet.Config ./Docker/Application
- name: Set Version Numbers
if: ${{ matrix.dockerfile.type == 'published' }}
id: versions
run: |
FEED="9f7770ac-66d9-4fbc-b81e-b5ad79002b62"
PACKAGE="db5612a0-336b-4960-9092-f3be0b63d13e"
VERSIONS=$(curl https://feeds.dev.azure.com/ed-fi-alliance/$FEED/_apis/Packaging/Feeds/EdFi/Packages/$PACKAGE?includeAllVersions=true)
LATEST=$(echo $VERSIONS | jq '[.versions[] | select(.views[].name == "Release") | .version | select(startswith("1."))][0]')
echo "latest version: $LATEST"
echo "VERSION=$LATEST" >> $GITHUB_OUTPUT
- uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
name: Run Linter on ${{ matrix.dockerfile.name }} Dockerfile
with:
dockerfile: ${{ matrix.dockerfile.path }}
failure-threshold: error
- name: Log in to Docker Hub
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_HUB_TOKEN }}
- name: Build
run: |
path=${{matrix.dockerfile.path}}
folder=${path%/*}
cd $folder
dockerfile=$(echo ${{matrix.dockerfile.path}} | awk -F"/" '{print $NF}')
docker build -f $dockerfile -t ${{ matrix.dockerfile.name }} --build-arg="VERSION=${{ steps.versions.outputs.VERSION }}" .
- name: Analyze
uses: docker/scout-action@67eb1afe777307506aaecb9acd9a0e0389cb99ae # v1.5.0
with:
command: cves
image: local://${{ matrix.dockerfile.name }}
sarif-file: sarif-${{ matrix.dockerfile.name }}.output.json
only-severities: critical,high,medium,low
summary: true
- name: Upload SARIF result
id: upload-sarif
if: ${{ github.event_name != 'pull_request_target' }}
uses: github/codeql-action/upload-sarif@cf7e9f23492505046de9a37830c3711dd0f25bb3 #codeql-bundle-v2.16.2
with:
sarif_file: sarif-${{ matrix.dockerfile.name }}.output.json