
Commit 8e37070

authored
Run container scan only for release and main branches
1 parent e986751 commit 8e37070


1 file changed

+6
-6
lines changed


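--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -90,7 +90,7 @@ jobs:
 
 - name: Dockle Container Scanner
 uses: erzz/dockle-action@v1
-if: ${{ contains(github.ref, 'refs/heads/main') || contains(github.ref, 'refs/heads/develop') }}
+if: ${{ contains(github.ref, 'refs/heads/main') || contains(github.head_ref, 'release') }}
 with:
 image: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
 report-format: sarif
@@ -100,28 +100,28 @@ jobs:
 # Disable upload due to bug https://github.com/erzz/dockle-action/issues/18
 # - name: Upload Dockle SARIF Report
 # uses: github/codeql-action/upload-sarif@v2
-# if: ${{ contains(github.ref, 'refs/heads/main') || contains(github.ref, 'refs/heads/develop') }}
+# if: ${{ contains(github.ref, 'refs/heads/main') || contains(github.head_ref, 'release') }}
 # with:
 # sarif_file: dockle-report.sarif
 
 - name: Trivy Vulnerability Scanner
 uses: aquasecurity/trivy-action@master
-if: ${{ contains(github.ref, 'refs/heads/main') || contains(github.ref, 'refs/heads/develop') }}
+if: ${{ contains(github.ref, 'refs/heads/main') || contains(github.head_ref, 'release') }}
 with:
 image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
 format: 'sarif'
 output: 'trivy-results.sarif'
 
 - name: Upload Trivy SARIF Report
 uses: github/codeql-action/upload-sarif@v2
-if: ${{ contains(github.ref, 'refs/heads/main') || contains(github.ref, 'refs/heads/develop') }}
+if: ${{ contains(github.ref, 'refs/heads/main') || contains(github.head_ref, 'release') }}
 with:
 sarif_file: 'trivy-results.sarif'
 
 - name: Anchore Container Scan
 id: anchore-scan
 uses: anchore/scan-action@v3.3.0
-if: ${{ contains(github.ref, 'refs/heads/main') || contains(github.ref, 'refs/heads/develop') }}
+if: ${{ contains(github.ref, 'refs/heads/main') || contains(github.head_ref, 'release') }}
 with:
 image: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
 fail-build: true
@@ -130,7 +130,7 @@ jobs:
 
 - name: Upload Anchore Scan SARIF Report
 uses: github/codeql-action/upload-sarif@v2
-if: ${{ contains(github.ref, 'refs/heads/main') || contains(github.ref, 'refs/heads/develop') }}
+if: ${{ contains(github.ref, 'refs/heads/main') || contains(github.head_ref, 'release') }}
 with:
 sarif_file: ${{ steps.anchore-scan.outputs.sarif }}
 token: ${{ secrets.GITHUB_TOKEN }}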
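Review bot: The new gate `contains(github.head_ref, 'release')` (new lines 93, 109, 117, 124 and 133, plus the commented-out step at 103) relies on `github.head_ref`, which is only populated for pull-request events, so a direct push to a release branch would skip the Dockle, Trivy and Anchore steps entirely; the workflow's triggers are outside this diff, so confirm which events actually reach these steps. Both `contains` calls are also substring matches: any pull-request source branch with "release" anywhere in its name runs the scans, and `refs/heads/main` also matches a name such as `refs/heads/maintenance`. A tighter condition would be `if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release') || startsWith(github.head_ref, 'release') }}`, adjusted to the project's real release-branch naming. Separately, the unchanged context line `uses: aquasecurity/trivy-action@master` follows a mutable ref; pinning it to a release tag or a full commit SHA would keep the scanner itself from changing underneath the build.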
