@@ -52,6 +52,16 @@ inputs:
52
52
runs :
53
53
using : composite
54
54
steps :
55
+ - name : Set up Docker
56
+ uses : crazy-max/ghaction-setup-docker@v3
57
+ with :
58
+ daemon-config : |
59
+ {
60
+ "features": {
61
+ "containerd-snapshotter": true
62
+ }
63
+ }
64
+
55
65
- name : Set up QEMU
56
66
uses : docker/setup-qemu-action@v3
57
67
@@ -72,15 +82,18 @@ runs:
72
82
context : ${{ inputs.context }}
73
83
file : ${{ inputs.file }}
74
84
platforms : ${{ inputs.platforms }}
75
- push : ${{ inputs.push }}
76
- sbom : true
85
+ outputs : |
86
+ type=docker,rewrite-timestamp=true
87
+ type=image,push=${{ inputs.push }},rewrite-timestamp=true
77
88
tags : |
78
89
${{ inputs.primaryTag }}
79
90
${{ inputs.tags }}
80
91
build-args : ${{ inputs.args }}
81
92
cache-from : ${{ inputs.cache-from }}
82
93
cache-to : ${{ inputs.cache-to }}
83
94
no-cache : ${{ inputs.no-cache }}
95
+ env :
96
+ SOURCE_DATE_EPOCH : 0
84
97
85
98
- name : Get image name
86
99
shell : bash
@@ -112,18 +125,6 @@ runs:
112
125
push-to-registry : true
113
126
if : inputs.push == 'true'
114
127
115
- - name : Load image to local Docker
116
- uses : docker/build-push-action@v6
117
- with :
118
- load : true
119
- push : false
120
- context : ${{ inputs.context }}
121
- file : ${{ inputs.file }}
122
- tags : |
123
- ${{ inputs.primaryTag }}
124
- ${{ inputs.tags }}
125
- build-args : ${{ inputs.args }}
126
-
127
128
- name : Generate filename for SARIF
128
129
shell : bash
129
130
id : filename
@@ -158,7 +159,7 @@ runs:
158
159
-v $(pwd)/.cache:/root/.cache \
159
160
-v $(pwd):/workdir \
160
161
-w /workdir \
161
- aquasec/trivy:0.56 .1 image --format json --ignore-unfixed --pkg-types os --scanners vuln --db-repository ghcr.io/aquasecurity/trivy-db:2,public.ecr.aws/aquasecurity/trivy-db:2 ${{ inputs.primaryTag }} --output trivy.json
162
+ aquasec/trivy:0.57 .1 image --format json --ignore-unfixed --pkg-types os --scanners vuln --db-repository ghcr.io/aquasecurity/trivy-db:2,public.ecr.aws/aquasecurity/trivy-db:2 ${{ inputs.primaryTag }} --output trivy.json
162
163
sudo chmod a+r -R .cache
163
164
164
165
- name : Calculate database hash
@@ -179,12 +180,12 @@ runs:
179
180
if : steps.old_hash.outputs.hash != steps.new_hash.outputs.hash && steps.new_hash.outputs.hash != ''
180
181
181
182
- name : Print report
182
- uses : docker://aquasec/trivy:0.56 .1
183
+ uses : docker://aquasec/trivy:0.57 .1
183
184
with :
184
185
args : convert --format=table trivy.json
185
186
186
187
- name : Generate SARIF
187
- uses : docker://aquasec/trivy:0.56 .1
188
+ uses : docker://aquasec/trivy:0.57 .1
188
189
with :
189
190
args : convert --format=sarif --output=${{ steps.filename.outputs.filename }} trivy.json
190
191
if : github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
@@ -197,7 +198,7 @@ runs:
197
198
continue-on-error : true
198
199
199
200
- name : Prepare markdown report
200
- uses : docker://aquasec/trivy:0.56 .1
201
+ uses : docker://aquasec/trivy:0.57 .1
201
202
with :
202
203
args : convert --format=template --template=@.github/actions/build-docker-image/markdown.tpl --output=trivy.md trivy.json
203
204
if : github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
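Review bot: The added "Set up Docker" step references `crazy-max/ghaction-setup-docker@v3` by a movable tag, so whatever that tag resolves to at run time configures the Docker daemon on the runner that builds and pushes the image. Pinning it to a full commit SHA with the version kept as a comment, `uses: crazy-max/ghaction-setup-docker@<full-commit-sha> # v3`, makes the dependency immutable and reviewable on update. The `aquasec/trivy:0.57.1` references bumped in the later hunks (the `docker run` line and the three `docker://` steps) are likewise tag-only and could carry a digest, `aquasec/trivy:0.57.1@sha256:<digest>`. Separately, the build step loses `sbom: true` and no replacement is visible in these hunks, so it is worth confirming that the SBOM attestation is produced elsewhere or is dropped on purpose.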