Skip to content

[DCJ-400-gradle]: Bump io.zonky.test.postgres:embedded-postgres-binaries-bom from 12.8.0 to 16.4.0 #5764

[DCJ-400-gradle]: Bump io.zonky.test.postgres:embedded-postgres-binaries-bom from 12.8.0 to 16.4.0

[DCJ-400-gradle]: Bump io.zonky.test.postgres:embedded-postgres-binaries-bom from 12.8.0 to 16.4.0 #5764

Workflow file for this run

# Build the Docker image and scan it with Trivy
name: dsp-appsec-trivy
on:
workflow_dispatch: {}
pull_request:
jobs:
appsec-trivy:
name: DSP AppSec Trivy check
runs-on: ubuntu-latest
steps:
- name: Check out the code
uses: actions/checkout@v4
- name: Set up JDK 17 and cache Gradle build
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '17'
cache: 'gradle'
- name: Echo image name to output
id: build
run: |
# enable pipefail so a gradle build failure fails this step.
set -o pipefail
# build sources and store the plain log without colors
./gradlew jibDockerBuild --console=plain | tee build.log
# export image name from the log
image=$(grep 'Built image' build.log | awk '{print $NF}')
echo "image=${image}" >> $GITHUB_OUTPUT
- name: Scan the image with the AppSec Trivy action
uses: broadinstitute/dsp-appsec-trivy-action@v1
with:
image: ${{ steps.build.outputs.image }}