Skip to content

[ODS-6481] 7.2 Patch Release for Nhibernate Upgrade #724

[ODS-6481] 7.2 Patch Release for Nhibernate Upgrade

[ODS-6481] 7.2 Patch Release for Nhibernate Upgrade #724

# SPDX-License-Identifier: Apache-2.0
# Licensed to the Ed-Fi Alliance under one or more agreements.
# The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
# See the LICENSE and NOTICES files in the project root for more information.
name: Analyze Docker Images
on:
pull_request:
branches: [main, 'b-v*-patch*','feature-*']
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
CURRENT_STANDARD_VERSION: "5.1.0"
PACKAGE_VERSION: "7.2"
DOCKER_HUB_TOKEN: ${{ secrets.DOCKER_HUB_TOKEN }}
DOCKER_USERNAME: ${{ vars.DOCKER_USERNAME }}
jobs:
FindStandardAndExtensionVersions:
uses: Ed-Fi-Alliance-OSS/Ed-Fi-ODS/.github/workflows/Find Standard and Extension Versions.yml@874b608a0f3a14243e0035dd1222169fafcbe8d3
with:
calling_branch: ${{ github.head_ref || github.ref_name }}
analyze-docker:
needs: FindStandardAndExtensionVersions
runs-on: ubuntu-latest
strategy:
matrix:
StandardVersion: ${{ fromJson(needs.FindStandardAndExtensionVersions.outputs.StandardVersions) }}
ExtensionVersion: ${{ fromJson(needs.FindStandardAndExtensionVersions.outputs.ExtensionVersions) }}
dockerfile:
[
{ name: "ods-api-bulk-load-console", path: "alpine" },
{ name: "ods-api-db-admin", path: "alpine/pgsql" },
{ name: "ods-api-db-ods-minimal", path: "alpine/pgsql" },
{ name: "ods-api-db-ods-sandbox", path: "alpine/pgsql" },
{ name: "ods-api-swaggerui", path: "alpine" },
{ name: "ods-api-web-api", path: "alpine/pgsql" },
{ name: "ods-api-web-api", path: "alpine/mssql" },
{ name: "ods-api-web-sandbox-admin", path: "alpine/pgsql" },
{ name: "ods-api-web-sandbox-admin", path: "alpine/mssql" }
]
name: ${{ matrix.dockerfile.name }}/${{ matrix.dockerfile.path }} Image for (Standard ${{ matrix.StandardVersion }} Extension ${{ matrix.ExtensionVersion }})
steps:
- name: Checkout code
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
- name: Log in to Docker Hub
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKER_HUB_TOKEN }}
- name: Build ${{ matrix.dockerfile.name }} image in path ${{ matrix.dockerfile.path }}
run: |
./get-versions.ps1 -PackageVersion ${{ env.PACKAGE_VERSION }} -StandardVersion ${{ matrix.StandardVersion }} -ExtensionVersion ${{ matrix.ExtensionVersion }} -PreRelease
./Invoke-Build.ps1 -PackageVersion ${{ env.PACKAGE_VERSION }} -PreRelease -ImageName ${{ matrix.dockerfile.name }} -Path ${{ matrix.dockerfile.path }}
$image ="edfialliance/${{ matrix.dockerfile.name }}:${{ env.PACKAGE_VERSION }}.0-${{ matrix.StandardVersion }}"
if ("${{ matrix.dockerfile.path }}" -eq "alpine/mssql") {
$image += "-mssql"
}
echo "IMAGENAME=$image">> $env:GITHUB_ENV
working-directory: Docker
shell: pwsh
- name: Analyze
uses: docker/scout-action@67eb1afe777307506aaecb9acd9a0e0389cb99ae # v1.5.0
with:
command: cves
image: ${{ env.IMAGENAME }}
sarif-file: sarif-${{ matrix.dockerfile.name }}.${{ env.PACKAGE_VERSION }}.0-${{ matrix.StandardVersion }}.output.json
summary: true
only-severities: "critical,high"
- name: Upload SARIF result
id: upload-sarif
if: ${{ github.event_name != 'pull_request_target' }}
uses: github/codeql-action/upload-sarif@df32e399139a3050671466d7d9b3cbacc1cfd034 #codeql-bundle-v2.15.2
with:
sarif_file: sarif-${{ matrix.dockerfile.name }}.${{ env.PACKAGE_VERSION }}.0-${{ matrix.StandardVersion }}.output.json