Merge branch 'io' into merge-upstream

2023-11-09 17:43:42 +09:00 · 2023-11-09 17:43:42 +09:00 · 50e811e862
commit 50e811e862
parent 2bc887a6c5 85c15bfee0
59 changed files with 534 additions and 410 deletions
--- a/.github/workflows/dockle.yml
+++ b/.github/workflows/dockle.yml
@ -1,4 +1,3 @@
---
 name: Dockle

 on:
@ -11,20 +10,23 @@ on:
 jobs:
  dockle:
    runs-on: ubuntu-latest
-    env:
-      DOCKER_CONTENT_TRUST: 1
    steps:
-      - uses: actions/checkout@v4.1.1
-      - run: |
-          curl -L -o dockle.deb "https://github.com/goodwithtech/dockle/releases/download/v0.4.10/dockle_0.4.10_Linux-64bit.deb"
-          sudo dpkg -i dockle.deb
-      - run: |
-          cp .config/docker_example.env .config/docker.env
-          cp ./docker-compose.yml.example ./docker-compose.yml
-      - run: |
-          docker compose up -d web
-          docker tag "$(docker compose images web | awk 'OFS=":" {print $4}' | tail -n +2)" misskey-web:latest
-      - run: |
-          cmd="dockle --exit-code 1 misskey-web:latest ${image_name}"
-          echo "> ${cmd}"
-          eval "${cmd}"
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Build an image from Dockerfile
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: false
+          provenance: false
+          cache-from: type=registry,ref=ghcr.io/misskeyio/misskey:io-buildcache
+          tags: |
+            misskey:scan
+      - name: Run dockle
+        uses: goodwithtech/dockle-action@main
+        with:
+          image: 'misskey:scan'
+          format: 'list'
+          exit-code: '1'
+          exit-level: 'warn'
+          ignore: 'CIS-DI-0005,CIS-DI-0010'