Fix CI stability: resolve Docker Scout write/auth issues and harden PG matrix checkout #35

Merged
nessi merged 6 commits from development into main 2026-02-14 22:12:28 +00:00


@@ -24,6 +24,21 @@ jobs:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Docker Scout login bootstrap
continue-on-error: true
run: |
if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
echo "Docker Scout login skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set."
exit 0
fi
mkdir -p "$RUNNER_TEMP/scout-docker-config"
printf '%s' "${{ secrets.DOCKERHUB_TOKEN }}" | docker run --rm -i \
-e DOCKER_CONFIG=/home/scout/.docker \
-v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
docker/scout-cli:latest login \
--username "${{ secrets.DOCKERHUB_USERNAME }}" \
--password-stdin || true
- name: Build backend image (local)
uses: docker/build-push-action@v6
with:
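Review bot: The new bootstrap step substitutes `${{ secrets.DOCKERHUB_TOKEN }}` and `${{ secrets.DOCKERHUB_USERNAME }}` directly into the `run:` script text (the `[ -z ... ]` test, the `printf`, and the `--username` flag); the expression is expanded before the shell starts, so any quote or shell metacharacter in a secret value becomes part of the script, and the value is baked into the rendered step rather than read from the environment. Passing both through an `env:` block and referencing `$DOCKERHUB_USERNAME` / `$DOCKERHUB_TOKEN` keeps the script static; the rewritten lines are below. Two smaller points: the trailing `|| true` turns a failed login green even though `continue-on-error: true` already lets the job proceed, so dropping it would at least surface the failure in the step status, and `docker/scout-cli:latest` is an unpinned tag — a fixed version or digest (`docker/scout-cli:<pinned-tag>`) would make the login tooling reproducible.
```yaml
- name: Docker Scout login bootstrap
  continue-on-error: true
  env:
    DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
    DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
  run: |
    if [ -z "$DOCKERHUB_USERNAME" ] || [ -z "$DOCKERHUB_TOKEN" ]; then
      # … unchanged: skip message and exit 0 …
    fi
    # … unchanged: mkdir of the scout config dir …
    printf '%s' "$DOCKERHUB_TOKEN" | docker run --rm -i \
      -e DOCKER_CONFIG=/home/scout/.docker \
      -v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
      docker/scout-cli:latest login \
      --username "$DOCKERHUB_USERNAME" \
      --password-stdin
```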
@@ -100,15 +115,12 @@ jobs:
exit 0
fi
if [ ! -f "$HOME/.docker/config.json" ]; then
echo "Docker Hub Scout scan skipped: docker login config not found in runner." > scout-backend.txt
exit 0
echo "Runner Docker config not found; continuing with Scout login cache if present." > scout-backend.txt
fi
docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock \
-v "$HOME/.docker:/home/scout/.docker:ro" \
-v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
-e DOCKER_CONFIG=/home/scout/.docker \
-e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
-e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
docker/scout-cli:latest cves nexapg-backend:dev-scan \
--only-severity critical,high,medium,low > scout-backend.txt 2>&1 || {
echo "" >> scout-backend.txt
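Review bot: The replacement line inside the `config.json` check writes its "continuing with Scout login cache" message with `>` and then falls through to the `docker run`, whose `> scout-backend.txt 2>&1` truncates the same file, so the message never reaches the artifact and the `if` block now has no observable effect; either append the scan output instead (`--only-severity critical,high,medium,low >> scout-backend.txt 2>&1 || {`) or drop the now-inert check. The frontend hunk below has the same pattern with scout-frontend.txt. Separately, the new bind mount of `$RUNNER_TEMP/scout-docker-config` replaces a `:ro` mount with a read-write one, so the scan container can now modify the cached Docker Hub credentials; if `scout cves` works with a read-only mount, appending `:ro` would restore the earlier least-privilege posture (I have not verified whether the Scout cache needs write access). The enclosing step's `run:` block starts before this hunk.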
@@ -123,15 +135,12 @@ jobs:
exit 0
fi
if [ ! -f "$HOME/.docker/config.json" ]; then
echo "Docker Hub Scout scan skipped: docker login config not found in runner." > scout-frontend.txt
exit 0
echo "Runner Docker config not found; continuing with Scout login cache if present." > scout-frontend.txt
fi
docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock \
-v "$HOME/.docker:/home/scout/.docker:ro" \
-v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
-e DOCKER_CONFIG=/home/scout/.docker \
-e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
-e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
docker/scout-cli:latest cves nexapg-frontend:dev-scan \
--only-severity critical,high,medium,low > scout-frontend.txt 2>&1 || {
echo "" >> scout-frontend.txt