nessi/NexaPG
1
0
Fork 0
Code Issues 19 Pull Requests Actions Packages Projects Releases 13 Activity

Fix CI stability: resolve Docker Scout write/auth issues and harden PG matrix checkout #35

Merged
nessi merged 6 commits from development into main 2026-02-14 22:12:28 +00:00
Conversation 0 Commits 6 Files Changed 2 +18 -4
1 changed files with 18 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit dd3f18bb06 - Show all commits

22
.github/workflows/container-cve-scan-development.yml vendored
View File

@@ -93,6 +93,7 @@ jobs:
PY PY
- name: Docker Scout scan (backend) - name: Docker Scout scan (backend)
continue-on-error: true
run: | run: |
if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-backend.txt echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-backend.txt
@@ -104,11 +105,18 @@ jobs:
fi fi
docker run --rm \ docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock \ -v /var/run/docker.sock:/var/run/docker.sock \
-v "$HOME/.docker:/root/.docker:ro" \ -v "$HOME/.docker:/home/scout/.docker:ro" \
-e DOCKER_CONFIG=/home/scout/.docker \
-e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
-e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
docker/scout-cli:latest cves nexapg-backend:dev-scan \ docker/scout-cli:latest cves nexapg-backend:dev-scan \
--only-severity critical,high,medium,low > scout-backend.txt --only-severity critical,high,medium,low > scout-backend.txt 2>&1 || {
echo "" >> scout-backend.txt
echo "Docker Scout backend scan failed (non-blocking)." >> scout-backend.txt
}
- name: Docker Scout scan (frontend) - name: Docker Scout scan (frontend)
continue-on-error: true
run: | run: |
if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-frontend.txt echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-frontend.txt
@@ -120,9 +128,15 @@ jobs:
fi fi
docker run --rm \ docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock \ -v /var/run/docker.sock:/var/run/docker.sock \
-v "$HOME/.docker:/root/.docker:ro" \ -v "$HOME/.docker:/home/scout/.docker:ro" \
-e DOCKER_CONFIG=/home/scout/.docker \
-e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
-e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
docker/scout-cli:latest cves nexapg-frontend:dev-scan \ docker/scout-cli:latest cves nexapg-frontend:dev-scan \
--only-severity critical,high,medium,low > scout-frontend.txt --only-severity critical,high,medium,low > scout-frontend.txt 2>&1 || {
echo "" >> scout-frontend.txt
echo "Docker Scout frontend scan failed (non-blocking)." >> scout-frontend.txt
}
- name: Print scan summary - name: Print scan summary
run: | run: |