nessi/NexaPG
1
0
Fork 0
Code Issues 19 Pull Requests Actions Packages Projects Releases 13 Activity

Fix CI stability: resolve Docker Scout write/auth issues and harden PG matrix checkout #35

Merged
nessi merged 6 commits from development into main 2026-02-14 22:12:28 +00:00
Conversation 0 Commits 6 Files Changed 2 +12 -22
1 changed files with 12 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit af6ea11079 - Show all commits

34
.github/workflows/container-cve-scan-development.yml vendored
View File

@@ -24,20 +24,12 @@ jobs:
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Docker Scout login bootstrap - name: Prepare Docker auth config for Scout container
continue-on-error: true if: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
run: | run: |
if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
echo "Docker Scout login skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set."
exit 0
fi
mkdir -p "$RUNNER_TEMP/scout-docker-config" mkdir -p "$RUNNER_TEMP/scout-docker-config"
printf '%s' "${{ secrets.DOCKERHUB_TOKEN }}" | docker run --rm -i \ cp "$HOME/.docker/config.json" "$RUNNER_TEMP/scout-docker-config/config.json"
-e DOCKER_CONFIG=/home/scout/.docker \ chmod 600 "$RUNNER_TEMP/scout-docker-config/config.json"
-v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
docker/scout-cli:latest login \
--username "${{ secrets.DOCKERHUB_USERNAME }}" \
--password-stdin || true
- name: Build backend image (local) - name: Build backend image (local)
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
@@ -114,13 +106,12 @@ jobs:
echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-backend.txt echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-backend.txt
exit 0 exit 0
fi fi
if [ ! -f "$HOME/.docker/config.json" ]; then
echo "Runner Docker config not found; continuing with Scout login cache if present." > scout-backend.txt
fi
docker run --rm \ docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock \ -v /var/run/docker.sock:/var/run/docker.sock \
-v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \ -v "$RUNNER_TEMP/scout-docker-config:/root/.docker:ro" \
-e DOCKER_CONFIG=/home/scout/.docker \ -e DOCKER_CONFIG=/root/.docker \
-e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
-e DOCKER_SCOUT_HUB_PASSWORD="${{ secrets.DOCKERHUB_TOKEN }}" \
docker/scout-cli:latest cves nexapg-backend:dev-scan \ docker/scout-cli:latest cves nexapg-backend:dev-scan \
--only-severity critical,high,medium,low > scout-backend.txt 2>&1 || { --only-severity critical,high,medium,low > scout-backend.txt 2>&1 || {
echo "" >> scout-backend.txt echo "" >> scout-backend.txt
@@ -134,13 +125,12 @@ jobs:
echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-frontend.txt echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-frontend.txt
exit 0 exit 0
fi fi
if [ ! -f "$HOME/.docker/config.json" ]; then
echo "Runner Docker config not found; continuing with Scout login cache if present." > scout-frontend.txt
fi
docker run --rm \ docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock \ -v /var/run/docker.sock:/var/run/docker.sock \
-v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \ -v "$RUNNER_TEMP/scout-docker-config:/root/.docker:ro" \
-e DOCKER_CONFIG=/home/scout/.docker \ -e DOCKER_CONFIG=/root/.docker \
-e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
-e DOCKER_SCOUT_HUB_PASSWORD="${{ secrets.DOCKERHUB_TOKEN }}" \
docker/scout-cli:latest cves nexapg-frontend:dev-scan \ docker/scout-cli:latest cves nexapg-frontend:dev-scan \
--only-severity critical,high,medium,low > scout-frontend.txt 2>&1 || { --only-severity critical,high,medium,low > scout-frontend.txt 2>&1 || {
echo "" >> scout-frontend.txt echo "" >> scout-frontend.txt