
Build, Scan & Test Containers

uses: huntridge-labs/argus/.github/workflows/build-containers.yml@1.1.0

Pipeline

5 jobs (2 matrix)

Triggers

  • Pull request
  • Push
  • Manual dispatch

Permissions

Scope            Access
contents         read
security-events  write
pull-requests    write
packages         read
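A caller workflow for the `uses:` line at the top of this page, added here as an example and not taken from the Argus repository. The file name, the job id `containers`, and the `branches: [main]` filter are assumptions; no `with:` inputs are passed because this page documents none. The `permissions` block mirrors the table above, since a calling workflow cannot grant a reusable workflow a scope the caller does not hold itself.

```yaml
# .github/workflows/containers.yml in a repository that consumes the
# reusable workflow (added example; file name and job id are arbitrary).
name: Build, Scan & Test Containers

on:
  pull_request:
  push:
    branches: [main]   # assumption; the reusable workflow itself only says "push"
  workflow_dispatch:

# The called workflow declares exactly these four scopes. Listing them
# here instead of relying on the repository default token means a missing
# scope fails loudly at the SARIF upload or PR comment step, not silently.
permissions:
  contents: read          # actions/checkout
  security-events: write  # github/codeql-action/upload-sarif into code scanning
  pull-requests: write    # the comment-pr job
  packages: read          # pulling base images from GitHub Packages / GHCR

jobs:
  containers:
    # @1.1.0 is a mutable tag. The reusable workflow pins every action it
    # runs to a full commit SHA; for the same supply-chain posture on the
    # caller side, reference the release commit SHA instead of the tag
    # (that SHA is not given on this page, so it is not shown here).
    uses: huntridge-labs/argus/.github/workflows/build-containers.yml@1.1.0
```

Two things worth knowing before wiring this in: every job except `comment-pr` carries the condition `github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):')`, so a push whose head commit message begins with `chore(release):` (typically a release bot's commit) skips the whole pipeline; and `comment-pr` depends on both `scan` and `test-cli`, so a failing scanner step also suppresses the PR summary comment.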

Jobs

matrix — Resolve image matrix

Runs on: ubuntu-latest · Timeout: 5 minutes · Condition: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):')

Steps:

  1. Checkout — actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
  2. Build matrix from argus.yml

build — Build Images

Runs on: ubuntu-latest · Timeout: 15 minutes · Depends on: matrix · Condition: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):')

Steps:

  1. Checkout — actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
  2. Build image
  3. Save image to artifact
  4. Upload image artifact — actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f

scan — Scan ${{ matrix.image }}

Runs on: ubuntu-latest · Timeout: 15 minutes · Depends on: matrix, build · Condition: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):')

Steps:

  1. Download image artifact — actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e
  2. Load image
  3. Checkout (for argus SDK) — actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
  4. Set up Python — actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
  5. Install Argus SDK
  6. Scan with Trivy (SARIF) — aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1
  7. Upload Trivy SARIF — github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13
  8. Scan with Grype — anchore/scan-action@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2
  9. Scan with Trivy (JSON) — aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1
  10. Generate report with Argus
  11. Upload scan artifacts — actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f

test-cli — Test Argus CLI

Runs on: ubuntu-latest · Timeout: 15 minutes · Depends on: matrix, build · Condition: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):')

Steps:

  1. Checkout — actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
  2. Set up Python — actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
  3. Build and install Argus wheel
  4. Download all image artifacts — actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e
  5. Load and retag images
  6. Package safety check
  7. Verify wheel installation
  8. Run argus scan
  9. Resolve latest run directory
  10. Verify outputs
  11. Validate SARIF
  12. Validate JSON results
  13. Validate audit trail
  14. Validate output-vars
  15. Upload test results — actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
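The `scan` job uploads Trivy's SARIF into code scanning and `test-cli` has a "Validate SARIF" step, but the page does not show what either check looks at. The script below is an added example of such a check, written for this page and not the Argus project's own validator. It assumes only the generic SARIF 2.1.0 layout (`runs[].tool.driver.rules[]` and `runs[].results[]`) plus the `security-severity` rule property that Trivy emits and GitHub code scanning reads as a CVSS-style score; the input in `SAMPLE_SARIF` is constructed, and its rule ids are placeholders rather than real advisories.

```python
"""Structural validation and severity gating for a SARIF 2.1.0 file.

Added example, not the Argus project's own code. Assumes generic SARIF 2.1.0
plus the "security-severity" rule property; SAMPLE_SARIF is constructed.
"""
from __future__ import annotations

import json
import sys
from collections import Counter

# SARIF 2.1.0 result levels; a result without "level" is treated as "warning".
VALID_LEVELS = {"none", "note", "warning", "error"}

# Constructed input: the rule ids are placeholders, not real advisories.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "Trivy",
            "rules": [
                {"id": "TEST-0001", "properties": {"security-severity": "9.8"}},
                {"id": "TEST-0002", "properties": {"security-severity": "5.3"}},
            ],
        }},
        "results": [
            {"ruleId": "TEST-0001", "level": "error",
             "message": {"text": "constructed critical finding"}},
            {"ruleId": "TEST-0002", "level": "warning",
             "message": {"text": "constructed medium finding"}},
            {"ruleId": "TEST-0002", "level": "warning",
             "message": {"text": "same rule, second package"}},
        ],
    }],
}


def load_sarif(path: str) -> dict:
    """Read a SARIF file (e.g. trivy --format sarif output) into a dict."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def validate_sarif(doc: dict) -> list[str]:
    """Return structural problems; empty means the fields a code-scanning
    upload and a severity gate rely on are all present."""
    problems: list[str] = []
    if doc.get("version") != "2.1.0":
        problems.append(f"unexpected SARIF version {doc.get('version')!r}")
    runs = doc.get("runs")
    if not isinstance(runs, list) or not runs:
        problems.append("no runs[] present")
        return problems
    for i, run in enumerate(runs):
        driver = run.get("tool", {}).get("driver", {})
        if not driver.get("name"):
            problems.append(f"run {i}: tool.driver.name missing")
        declared = {rule.get("id") for rule in driver.get("rules", [])}
        for j, res in enumerate(run.get("results", [])):
            rule_id = res.get("ruleId")
            if not rule_id:
                problems.append(f"run {i} result {j}: ruleId missing")
            elif rule_id not in declared:
                # An undeclared rule carries no severity or help text when
                # rendered, so the gate below would silently under-count it.
                problems.append(f"run {i} result {j}: ruleId {rule_id!r} not in driver.rules")
            if res.get("level", "warning") not in VALID_LEVELS:
                problems.append(f"run {i} result {j}: invalid level {res.get('level')!r}")
            if not res.get("message", {}).get("text"):
                problems.append(f"run {i} result {j}: message.text missing")
    return problems


def severity_label(score) -> str:
    """Map a CVSS v3 base score to its qualitative rating:
    0.1-3.9 low, 4.0-6.9 medium, 7.0-8.9 high, 9.0-10.0 critical."""
    try:
        value = float(score)
    except (TypeError, ValueError):
        return "unknown"
    if value >= 9.0:
        return "critical"
    if value >= 7.0:
        return "high"
    if value >= 4.0:
        return "medium"
    if value > 0.0:
        return "low"
    return "none"


def summarize(doc: dict) -> Counter:
    """Count results per qualitative severity by resolving each result's
    ruleId to the security-severity declared on its rule."""
    counts: Counter = Counter()
    for run in doc.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        score_by_rule = {r.get("id"): r.get("properties", {}).get("security-severity")
                         for r in rules}
        for res in run.get("results", []):
            counts[severity_label(score_by_rule.get(res.get("ruleId")))] += 1
    return counts


def gate(doc: dict, fail_on=("critical", "high")) -> bool:
    """True only when the document is well-formed and has no finding at a
    severity listed in fail_on; a CI step would exit non-zero on False."""
    if validate_sarif(doc):
        return False
    counts = summarize(doc)
    return all(counts[label] == 0 for label in fail_on)


if __name__ == "__main__":
    doc = load_sarif(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_SARIF
    for problem in validate_sarif(doc):
        print("invalid:", problem)
    print(dict(summarize(doc)))
    sys.exit(0 if gate(doc) else 1)
```

Run it as `python gate.py trivy.sarif` after the Trivy (SARIF) step, or with no argument to exercise the constructed sample, which fails the default gate on its one critical finding. The validator deliberately rejects results whose `ruleId` is not declared under `driver.rules`: code scanning still accepts such a file, but the finding then has no severity attached, so a gate that counts by `security-severity` would miss it.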

comment-pr — Container Scan Summary

Runs on: ubuntu-latest · Depends on: scan, test-cli

Steps:

  1. Checkout (for comment-pr action) — actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
  2. Download scanner summaries — actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e
  3. Set up Python — actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
  4. Install Argus SDK
  5. Combine scanner summaries
  6. Comment PR with scan results — ./.github/actions/comment-pr