nessi/NexaPG
1
0
Fork 0
Code Issues 19 Pull Requests Actions Packages Projects Releases 13 Activity

Fix CI stability: resolve Docker Scout write/auth issues and harden PG matrix checkout #35

Merged
nessi merged 6 commits from development into main 2026-02-14 22:12:28 +00:00
Conversation 0 Commits 6 Files Changed 2 +28 -4
2 changed files with 28 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
.github/workflows/container-cve-scan-development.yml vendored
View File

@@ -24,6 +24,13 @@ jobs:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Prepare Docker auth config for Scout container
if: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
run: |
mkdir -p "$RUNNER_TEMP/scout-docker-config"
cp "$HOME/.docker/config.json" "$RUNNER_TEMP/scout-docker-config/config.json"
chmod 600 "$RUNNER_TEMP/scout-docker-config/config.json"
- name: Build backend image (local)
uses: docker/build-push-action@v6
with:
@@ -93,30 +100,44 @@ jobs:
PY
- name: Docker Scout scan (backend)
continue-on-error: true
run: |
if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-backend.txt
exit 0
fi
docker run --rm \
-u root \
-v /var/run/docker.sock:/var/run/docker.sock \
-v "$RUNNER_TEMP/scout-docker-config:/root/.docker" \
-e DOCKER_CONFIG=/root/.docker \
-e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
-e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
-e DOCKER_SCOUT_HUB_PASSWORD="${{ secrets.DOCKERHUB_TOKEN }}" \
docker/scout-cli:latest cves nexapg-backend:dev-scan \
--only-severity critical,high,medium,low > scout-backend.txt
--only-severity critical,high,medium,low > scout-backend.txt 2>&1 || {
echo "" >> scout-backend.txt
echo "Docker Scout backend scan failed (non-blocking)." >> scout-backend.txt
}
- name: Docker Scout scan (frontend)
continue-on-error: true
run: |
if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-frontend.txt
exit 0
fi
docker run --rm \
-u root \
-v /var/run/docker.sock:/var/run/docker.sock \
-v "$RUNNER_TEMP/scout-docker-config:/root/.docker" \
-e DOCKER_CONFIG=/root/.docker \
-e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
-e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
-e DOCKER_SCOUT_HUB_PASSWORD="${{ secrets.DOCKERHUB_TOKEN }}" \
docker/scout-cli:latest cves nexapg-frontend:dev-scan \
--only-severity critical,high,medium,low > scout-frontend.txt
--only-severity critical,high,medium,low > scout-frontend.txt 2>&1 || {
echo "" >> scout-frontend.txt
echo "Docker Scout frontend scan failed (non-blocking)." >> scout-frontend.txt
}
- name: Print scan summary
run: |

3
.github/workflows/pg-compat-matrix.yml vendored
View File

@@ -11,6 +11,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
fail-fast: false
max-parallel: 3
matrix:
pg_version: ["14", "15", "16", "17", "18"]
@@ -32,6 +33,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Set up Python
uses: actions/setup-python@v5