From 91e23cd9f5577fe8e66d8fe921f82a8fa83d8b7e Mon Sep 17 00:00:00 2001 From: Prasad Tengse <10941447+tprasadtp@users.noreply.github.com> Date: Fri, 26 Mar 2021 23:02:39 +0100 Subject: [PATCH] ci: Fix Trivy workflow (#31) --- .chglog/config.yml | 3 --- .github/workflows/build.yml | 10 +++++----- .github/workflows/release.yml | 4 ++-- .github/workflows/security.yml | 9 +++++---- CHANGELOG.md | 15 ++++++++++++++- Makefile | 5 ----- README.md | 4 ++++ go.mod | 3 +++ 8 files changed, 33 insertions(+), 20 deletions(-) create mode 100644 go.mod diff --git a/.chglog/config.yml b/.chglog/config.yml index 7af9e0b..46339fa 100755 --- a/.chglog/config.yml +++ b/.chglog/config.yml @@ -67,6 +67,3 @@ options: pattern: "^Revert \"([\\s\\S]*)\"$" pattern_maps: - Header - -# diana:{diana_version}:{remote}:{source}:{version}:{remote_path}:{type} -# diana:0.2.7:github:tprasadtp/templates::chglog/config.yml:static diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e0c4cdd..e0155ac 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -64,16 +64,16 @@ jobs: make changelog cat CHANGELOG.md - - name: Build snapshot + - name: Build snapshot run: make snapshot - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.0.12 + id: trivy + uses: aquasecurity/trivy-action@0.0.13 with: scan-type: 'image' vuln-type: os severity: HIGH,CRITICAL - exit-code: 1 ignore-unfixed: true image-ref: 'ghcr.io/tprasadtp/protonvpn:${{ github.sha }}-amd64' format: 'template' @@ -81,7 +81,7 @@ jobs: output: 'trivy-results.sarif' - name: Upload Trivy scan results to GitHub Security tab - if: always() + if: github.ref == 'refs/heads/master' uses: github/codeql-action/upload-sarif@v1 with: - sarif_file: 'trivy-results.sarif' \ No newline at end of file + sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index de62c33..b94c14d 100644 --- a/.github/workflows/release.yml 
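Review bot: Dropping `exit-code: 1` from the Trivy step means HIGH/CRITICAL findings no longer fail the build; the job goes green and the only trace is the SARIF upload, which the next hunk restricts to master, so the scan stops acting as a gate on PR images. The same input is removed in security.yml at `@@ -8,20 +9,20 @@`, with the same effect on the scheduled scan. The new `id: trivy` is not referenced anywhere in the hunk; if the intent was to let the SARIF upload run before the job fails, that id can carry it: keep `exit-code: 1`, mark the scan step `continue-on-error: true`, and add a final step that fails on `steps.trivy.outcome == 'failure'`, as sketched below. The enclosing job starts outside the hunk.
```yaml
      - name: Run Trivy vulnerability scanner
        id: trivy
        continue-on-error: true
        uses: aquasecurity/trivy-action@0.0.13
        with:
          # … unchanged: scan-type, vuln-type, severity …
          exit-code: 1
          # … unchanged: ignore-unfixed, image-ref, format, template, output …

      # … unchanged: SARIF upload step …

      - name: Fail on HIGH/CRITICAL findings
        if: steps.trivy.outcome == 'failure'
        run: exit 1
```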
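Review bot: `if: always()` becomes `if: github.ref == 'refs/heads/master'` on the upload step, which silently drops `always()`; unlike the matching change in security.yml, the SARIF is then not uploaded on master whenever an earlier step in the job fails. Keeping the ref gate (presumably because `upload-sarif` needs `security-events: write`, which fork PRs do not get) while restoring the status-check function also makes the two workflows consistent: `if: github.ref == 'refs/heads/master' && always()`. The trailing-newline fix on `sarif_file` is fine.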
+++ b/.github/workflows/release.yml @@ -73,8 +73,8 @@ jobs: uses: docker/login-action@v1 with: registry: ghcr.io - username: valarie-ci-bot - password: ${{ secrets.GH_TOKEN }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Run GoReleaser run: make release-prod diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 41316ad..c42d30a 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -1,5 +1,6 @@ name: security on: + workflow_dispatch: schedule: # Every Friday at 2100 - cron: "0 21 * * FRI" @@ -8,20 +9,20 @@ jobs: runs-on: ubuntu-latest steps: - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.0.12 + id: trivy + uses: aquasecurity/trivy-action@0.0.13 with: scan-type: 'image' vuln-type: os severity: HIGH,CRITICAL - exit-code: 1 ignore-unfixed: true - image-ref: 'ghcr.io/tprasadtp/protonvpn:latest-amd64' + image-ref: 'ghcr.io/tprasadtp/protonvpn:latest' format: 'template' template: '@/contrib/sarif.tpl' output: 'trivy-results.sarif' - name: Upload Trivy scan results to GitHub Security tab - if: always() + if: github.ref == 'refs/heads/master' && always() uses: github/codeql-action/upload-sarif@v1 with: sarif_file: 'trivy-results.sarif' diff --git a/CHANGELOG.md b/CHANGELOG.md index 8ea729d..21c896c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
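Review bot: Switching the ghcr.io login from a bot PAT to `${{ secrets.GITHUB_TOKEN }}` is the right direction (repository-scoped, expires with the run), but the push only works if the job's token has `packages: write`; the job header and any `permissions:` block are outside the hunk, so this cannot be checked here. If the workflow restricts permissions, add `packages: write` (and `contents: write` for the GoReleaser release step) to that block. One caveat for an image that was previously pushed with a user PAT: the repository's GITHUB_TOKEN only gets write access once the package is linked to this repository in its GHCR settings, so the first release after this change should be watched for a 403 on push. `GH_TOKEN` can be removed from the repository secrets once nothing else references it.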
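Review bot: `id: trivy` is added to the scan step but nothing in the hunk reads `steps.trivy`, so it is either dead or its consumer lives outside the hunk; if unused, drop it or use it to gate a failing step. With `workflow_dispatch:` now enabled in the hunk at `@@ -1,5 +1,6 @@`, `github.ref` is whatever ref the run was dispatched from, so a manual scan from a non-master branch produces a SARIF that the `github.ref == 'refs/heads/master'` condition silently discards; for a scheduled/manual workflow that never runs on pull requests, `if: always()` alone, or at least a comment stating that manual runs from other branches upload nothing, would avoid the surprise. The `latest-amd64` to `latest` change deserves a comment too, since the hunk does not show whether `latest` is a single-arch tag or a manifest list and therefore which platform Trivy ends up scanning.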
@@ -3,8 +3,20 @@ ## Changelog + +## [4.1.2] - 2021-03-26 + +### 🤖 Continuous Integration & Automation +- Fix Trivy workflow ([d7d9fcb](https://github.com/tprasadtp/protonvpn-docker/commit/d7d9fcb5c8abdee6699b40ff3fda534c3fb5c656)) +- **deps:** bump aquasecurity/trivy-action from 0.0.11 to 0.0.12 ([#28](https://github.com/tprasadtp/protonvpn-docker/issues/28)) ([b340412](https://github.com/tprasadtp/protonvpn-docker/commit/b340412df2f151377603e5d4e5eed1218e81ef23)) + +### 🥺 Maintanance +- **deps:** bump ubuntu from focal-20210217 to focal-20210325 ([#30](https://github.com/tprasadtp/protonvpn-docker/issues/30)) ([1c25946](https://github.com/tprasadtp/protonvpn-docker/commit/1c2594684f9d43f702a19983d99b9433356ec693)) +- **deps:** bump urllib3 from 1.26.3 to 1.26.4 in /root ([#26](https://github.com/tprasadtp/protonvpn-docker/issues/26)) ([4148872](https://github.com/tprasadtp/protonvpn-docker/commit/4148872439bb6499855ca1ba3488a4bb3cd8de60)) + + -## [4.1.1] - 2021-03-13 +## [4.1.1] - 2021-03-14 ### 🤖 Continuous Integration & Automation - (experimental) add image scanning as a cron job ([#24](https://github.com/tprasadtp/protonvpn-docker/issues/24)) ([4ad9d7c](https://github.com/tprasadtp/protonvpn-docker/commit/4ad9d7cd6573f77c3b2fa3b19a9722c727a1c029)) @@ -61,6 +73,7 @@ +[4.1.2]: https://github.com/tprasadtp/protonvpn-docker/compare/4.1.1...4.1.2 [4.1.1]: https://github.com/tprasadtp/protonvpn-docker/compare/4.1.0...4.1.1 [4.1.0]: https://github.com/tprasadtp/protonvpn-docker/compare/4.0.0...4.1.0 [4.0.0]: https://github.com/tprasadtp/protonvpn-docker/compare/3.1.0...4.0.0 diff --git a/Makefile b/Makefile index 4eea866..64fdf02 100644 --- a/Makefile +++ b/Makefile 
@@ -56,13 +56,8 @@ snapshot: ## Build snapshot release: ## Build release goreleaser release --rm-dist --release-notes $(REPO_ROOT)/RELEASE_NOTES.md --skip-publish -# DELETING MANIFESTS IS IMPORTANT! -# GORELEASES USES --amend flag on docker manifest create command! -# This will cause old images to be included in the manifest! .PHONY: release-prod release-prod: ## Build and release to production/QA - @for img in $(DOCKER_IMAGES); do docker manifest rm $${img}:4.0 || true ; done - @for img in $(DOCKER_IMAGES); do docker manifest rm $${img}:latest || true ; done goreleaser release --rm-dist --release-notes $(REPO_ROOT)/RELEASE_NOTES.md .PHONY: clean diff --git a/README.md b/README.md index 5831c87..a495447 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,10 @@ action-release + + action-security + +
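Review bot: The removed block was a documented safeguard (`DELETING MANIFESTS IS IMPORTANT! ... --amend ... old images to be included in the manifest!`), and the hunk does not show what makes it unnecessary now; if GoReleaser still creates the `latest` and `4.0` manifests with `docker manifest create --amend`, stale digests from a previous release can remain in the published manifest list, which matters to anyone pulling `latest`. If a newer GoReleaser or a changed manifest configuration made the cleanup redundant, say so in a one-line comment above `release-prod:` (e.g. `# manifests are recreated from scratch by goreleaser; no manual cleanup needed`) so the safeguard is neither reinstated nor removed again blindly. Otherwise keep the two `docker manifest rm` loops.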

diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..3936133 --- /dev/null +++ b/go.mod @@ -0,0 +1,3 @@ +module github.com/tprasadtp/protonvpn-docker + +go 1.16