
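# CI for the Maven project: build and test, package the JAR into a Docker image,
# gate the image on a Trivy scan, smoke-test it, and publish it to GHCR.
name: Java CI with Maven

on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

# Least privilege for GITHUB_TOKEN: the job only needs to read the repository and
# write packages. Without this block the token may carry the repository's default
# (possibly read/write-everything) permissions.
permissions:
  contents: read
  packages: write

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every third-party action below is referenced by a mutable
      # version tag; pinning each `uses:` to a full commit SHA hardens the
      # supply chain against a moved or compromised tag.
      - name: Checkout repo
        uses: actions/checkout@v4

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: maven

      - name: Build with Maven
        run: mvn -B -V -DskipTests=false verify

      #- name: Upload test results
      #  if: always()
      #  uses: actions/upload-artifact@v4
      #  with:
      #    name: test-results
      #    path: |
      #      target/surefire-reports/**/*.xml
      #      target/failsafe-reports/**/*.xml
      #      target/**
      #    if-no-files-found: warn

      - name: Copy JAR to docker context
        # No `|| true` here: a missing JAR must fail this step immediately
        # rather than let the later `docker build` fail with a less obvious
        # error (or package a stale JAR already sitting in the context).
        run: |
          mkdir -p dockerfile
          echo "Jar files in target:"
          ls -la target/*.jar
          cp target/*.jar dockerfile/

      - name: Build Docker image
        run: docker build -f dockerfile/Dockerfile -t my-app-image:${{ github.sha }} dockerfile/

      # Fail the job (exit-code 1) on any CRITICAL/HIGH finding in OS packages
      # or application libraries. This runs before the smoke test and the push,
      # so an image with such findings is never published.
      - name: Scan Docker image with Trivy
        uses: aquasecurity/trivy-action@v0.33.1
        with:
          image-ref: my-app-image:${{ github.sha }}
          format: table
          severity: CRITICAL,HIGH
          exit-code: 1
          vuln-type: os,library

      - name: Run Docker container
        # Start detached with a fixed name so the following steps can inspect
        # and remove it.
        run: docker run -d --name my-app-container -p 8080:8080 my-app-image:${{ github.sha }}

      - name: Smoke-test container
        # `docker logs -f` would follow a long-running service until the job
        # timeout. Instead give the app a moment to start, print the logs once,
        # and fail only if the container has already exited with a non-zero
        # code. (`{{.State...}}` is a Go template for docker, not a GitHub
        # expression, so it is not interpolated by the runner.)
        run: |
          sleep 15
          docker logs my-app-container
          status=$(docker inspect -f '{{.State.Status}}' my-app-container)
          code=$(docker inspect -f '{{.State.ExitCode}}' my-app-container)
          echo "container status=$status exit_code=$code"
          if [ "$status" != "running" ] && [ "$code" != "0" ]; then
            echo "container exited with code $code" >&2
            exit 1
          fi

      - name: Remove container
        # Always clean up, even when an earlier step failed; tolerate the case
        # where the container was never created.
        if: always()
        run: docker container rm -f my-app-container 2>/dev/null || true

      # Publish only on real pushes to master. On pull_request (in particular
      # from a fork) GITHUB_TOKEN has no write access, and an unmerged PR must
      # not be able to overwrite the `latest` tag.
      - name: Log in to GitHub Container Registry
        if: github.event_name == 'push'
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Push scanned image to GHCR
        if: github.event_name == 'push'
        # Retag and push the exact image Trivy scanned instead of rebuilding it
        # with build-push-action, which could resolve the base image to a
        # different digest and ship something that was never scanned. GHCR
        # namespaces must be lowercase, so the owner is lowercased; context
        # values are passed through `env` rather than interpolated into the
        # script text.
        env:
          OWNER: ${{ github.repository_owner }}
          SHA: ${{ github.sha }}
        run: |
          owner=$(printf '%s' "$OWNER" | tr '[:upper:]' '[:lower:]')
          for tag in latest "$SHA"; do
            docker tag "my-app-image:$SHA" "ghcr.io/$owner/my-app-image:$tag"
            docker push "ghcr.io/$owner/my-app-image:$tag"
          done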