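# Scheduled (and manually triggerable) vulnerability scan of the gateway
# container images. Each image is built, pushed to a throwaway registry
# running as a service container on the runner, pulled back into the local
# Docker daemon and scanned with `jf docker scan`.
#
# The `trivy` tag / VERSION value is only the label used for the temporary
# images in this workflow; the scanner invoked here is the JFrog CLI.
#
# NOTE(review): every `uses:` below references a mutable tag (v3/v4). Pinning
# each action to a full commit SHA keeps a re-tagged release from running in
# a job that handles the JFrog access token.
name: Jfrog Scan

on:
  workflow_dispatch:
  schedule:
    # GitHub evaluates cron schedules in UTC: daily at 20:00 UTC.
    - cron: "0 20 * * *"

# Least privilege for GITHUB_TOKEN: the job only needs to read the repository.
# Without this block the token gets the repository/organisation default,
# which may include write scopes.
permissions:
  contents: read

jobs:
  scan-images:
    runs-on: ubuntu-latest
    services:
      # Temporary, unauthenticated registry that only lives for this job.
      # NOTE(review): `registry:2` is a floating tag; consider pinning it by
      # digest (registry:2@sha256:<digest>) so the service image is fixed.
      registry:
        image: registry:2
        ports:
          # Quoted so the mapping is always read as a string.
          - "5000:5000"
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave GITHUB_TOKEN in .git/config for the build steps to
          # read. No step shown here talks to the git remote afterwards; the
          # make targets are not visible in this file, so confirm they do
          # not need it.
          persist-credentials: false

      - uses: docker/setup-qemu-action@v3

      # IMPORTANT: network=host lets buildkit reach localhost:5000
      - uses: docker/setup-buildx-action@v3
        with:
          driver-opts: network=host

      # The JFrog URL and access token are exposed to this step only, through
      # its `env:` block, rather than to the whole job.
      - name: Setup JFrog CLI
        uses: jfrog/setup-jfrog-cli@v4
        env:
          JF_URL: ${{ secrets.JF_URL }}
          JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}

      # -------------------------
      # Gateway Runtime (Router + Policy Engine)
      # -------------------------
      - name: Build & push gateway-runtime to temp registry
        run: |
          make -C gateway/gateway-runtime build-and-push-multiarch \
            IMAGE_NAME=localhost:5000/gateway-runtime \
            VERSION=trivy

      # Scan coverage caveats (they apply to every "JFrog scan" step below):
      #  * `docker pull` fetches only the image variant matching the runner's
      #    platform, so the other architecture pushed by the multi-arch build
      #    is never scanned.
      #  * NOTE(review): no --watches / --project / --repo-path is passed, so
      #    findings are presumably only listed and do not fail the job.
      #    Confirm that is intended; otherwise bind the scan to an Xray policy
      #    or add a step that fails the run on findings.
      - name: JFrog scan gateway-runtime
        run: |
          docker pull localhost:5000/gateway-runtime:trivy
          jf docker scan localhost:5000/gateway-runtime:trivy

      # -------------------------
      # Gateway Controller
      # -------------------------
      - name: Build & push gateway-controller to temp registry
        run: |
          make -C gateway/gateway-controller build-and-push-multiarch \
            IMAGE_NAME=localhost:5000/gateway-controller \
            VERSION=trivy

      - name: JFrog scan gateway-controller
        run: |
          docker pull localhost:5000/gateway-controller:trivy
          jf docker scan localhost:5000/gateway-controller:trivy

      # -------------------------
      # Gateway Builder
      # -------------------------
      - name: Build & push gateway-builder to temp registry
        run: |
          make -C gateway/gateway-builder build-and-push-multiarch \
            IMAGE_NAME=localhost:5000/gateway-builder \
            VERSION=trivy

      - name: JFrog scan gateway-builder
        run: |
          docker pull localhost:5000/gateway-builder:trivy
          jf docker scan localhost:5000/gateway-builder:trivy

      # -------------------------
      # Event Gateway Runtime
      # -------------------------
      - name: Build & push event-gateway-runtime to temp registry
        run: |
          make -C event-gateway/gateway-runtime build-and-push-multiarch \
            IMAGE_NAME=localhost:5000/event-gateway-runtime \
            VERSION=trivy

      - name: JFrog scan event-gateway-runtime
        run: |
          docker pull localhost:5000/event-gateway-runtime:trivy
          jf docker scan localhost:5000/event-gateway-runtime:trivy

      # -------------------------
      # Event Gateway Controller
      # -------------------------
      # NOTE(review): this image is built from gateway/gateway-controller,
      # the same directory as the Gateway Controller image above, whereas the
      # event gateway runtime is built from event-gateway/. Confirm this is
      # the intended source; if it is not, the scan result below describes
      # the wrong artifact.
      - name: Build & push event-gateway-controller to temp registry
        run: |
          cd gateway/gateway-controller && \
          docker buildx build -f Dockerfile \
            --build-context sdk=../../sdk \
            --build-context sdk-core=../../sdk/core \
            --build-context common=../../common \
            --build-context build-manifest=.. \
            --platform linux/amd64,linux/arm64 \
            --build-arg VERSION=trivy \
            --target production \
            -t localhost:5000/event-gateway-controller:trivy \
            --push \
            .

      - name: JFrog scan event-gateway-controller
        run: |
          docker pull localhost:5000/event-gateway-controller:trivy
          jf docker scan localhost:5000/event-gateway-controller:trivy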