From 497d51973ae2a986373decbfeb7a1afe229e5fd6 Mon Sep 17 00:00:00 2001 From: Aaron Pham Date: Mon, 7 Oct 2024 02:52:14 -0400 Subject: [PATCH] chore(ci): remove signing and vuln (#1484) Signed-off-by: Aaron Pham --- .github/workflows/docker-build-push.yaml | 29 ------------------------ 1 file changed, 29 deletions(-) diff --git a/.github/workflows/docker-build-push.yaml b/.github/workflows/docker-build-push.yaml index 61ec110..f3bd2cd 100644 --- a/.github/workflows/docker-build-push.yaml +++ b/.github/workflows/docker-build-push.yaml @@ -86,32 +86,3 @@ jobs: labels: ${{ steps.meta.outputs.labels || steps.meta-pr.outputs.labels }} cache-from: type=gha cache-to: type=gha - - - name: Sign the released image - if: ${{ github.event_name != 'pull_request' }} - env: - COSIGN_EXPERIMENTAL: "true" - run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }} - - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph - uses: aquasecurity/trivy-action@master - if: ${{ github.event_name != 'pull_request' }} - with: - image-ref: "ghcr.io/${{ github.repository_owner }}/quartz:sha-${{ env.GITHUB_SHA_SHORT }}" - format: "github" - output: "dependency-results.sbom.json" - github-pat: ${{ secrets.GITHUB_TOKEN }} - scanners: "vuln" - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - if: ${{ github.event_name != 'pull_request' }} - with: - image-ref: "ghcr.io/${{ github.repository_owner }}/quartz:sha-${{ env.GITHUB_SHA_SHORT }}" - format: "sarif" - output: "trivy-results.sarif" - severity: "CRITICAL" - scanners: "vuln" - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - if: ${{ github.event_name != 'pull_request' }} - with: - sarif_file: "trivy-results.sarif"