owncast/.github/workflows/container-lint.yml
Meisam 2c6fd67276
set a non-root user for containers (#2496)
* change root user in dockerfile

* build container on push/pr

* grab docker build params from env

* consolidate container build

* rm unused container build workflow/script

* cleanup ci

* set user for earthly container build

* rm ci docker build for develop branch

* checkout full repo for docker builds

* read earthly push from env

* cleanup ci

* rm unsupported option for actions/checkout@v3

* check dockerfile in ci

* add dockerfile build to earthfile

* authenticate to GH only on schedule builds

* accurate name for dev container builder script

* add note to the dockerfile about earthfile

* document dev build process more clearly
2023-01-04 14:15:12 -08:00

29 lines
532 B
YAML

name: Lint
on:
  push:
    branches:
      - webv2
    paths:
      - 'Dockerfile'
  pull_request:
    branches:
      - webv2
    paths:
      - 'Dockerfile'
jobs:
  trivy:
    name: Dockerfile
    runs-on: ubuntu-latest
    container:
      image: aquasec/trivy
    steps:
      - uses: actions/checkout@v3
      - name: Check critical issues
        run: trivy config --exit-code 1 --severity "HIGH,CRITICAL" ./Dockerfile
      - name: Check non-critical issues
        run: trivy config --severity "LOW,MEDIUM" ./Dockerfile