@@ -198,36 +198,37 @@ jobs:
198198 run : |
199199 echo "${{ secrets.ROOT_CA_CERTIFICATE_BASE64 }}" | base64 -d > rootCA.crt
200200
201- name : Build and push image to scan
202- if : ${{ needs.needs-scan-for-vulnerabilities.outputs.skip == 'false' && inputs.scan_image_enabled && ( github.ref_type != 'tag' || steps.check-ref.outputs.has_alpha == 'false' ) }}
203- uses : docker/build-push-action@v5
204- with :
205- # If your Dockerfile is not present in the root directory
206- # change it to the correct subdirectory name
207- context : ${{ inputs.docker_context }}
208- file : ${{ inputs.docker_file }}
209- target : ${{ inputs.docker_target }}
210- push : true
211- tags : ${{ inputs.image }}:scan-${{ github.sha }}-${{ github.run_id }}-${{ github.run_attempt }}
212- labels : ${{ steps.meta.outputs.labels }}
213- cache-from : ${{ steps.should-cache.outputs.cache-from }}
214- cache-to : ${{ steps.should-cache.outputs.cache-to }}
215- secrets : |
216- "oban_key_fingerprint=${{ secrets.OBAN_KEY_FINGERPRINT }}"
217- "oban_license_key=${{ secrets.OBAN_LICENSE_KEY }}"
218- "IBM_CLOUD_API_KEY=${{ secrets.IBM_CLOUD_API_KEY }}"
219- ${{ inputs.docker_secrets }}
220- build-args : |-
221- SN_GITHUB_NPM_TOKEN=${{ secrets.GHEC_NPM_REGISTRY_TOKEN }}
222- SN_GITHUB_NPM_REGISTRY=https://npm.pkg.github.com
201+ # TODO: Re enable when Twistlock is back up
202+ # - name: Build and push image to scan
203+ # if: ${{ needs.needs-scan-for-vulnerabilities.outputs.skip == 'false' && inputs.scan_image_enabled && ( github.ref_type != 'tag' || steps.check-ref.outputs.has_alpha == 'false' ) }}
204+ # uses: docker/build-push-action@v5
205+ # with:
206+ # # If your Dockerfile is not present in the root directory
207+ # # change it to the correct subdirectory name
208+ # context: ${{ inputs.docker_context }}
209+ # file: ${{ inputs.docker_file }}
210+ # target: ${{ inputs.docker_target }}
211+ # push: true
212+ # tags: ${{ inputs.image }}:scan-${{ github.sha }}-${{ github.run_id }}-${{ github.run_attempt }}
213+ # labels: ${{ steps.meta.outputs.labels }}
214+ # cache-from: ${{ steps.should-cache.outputs.cache-from }}
215+ # cache-to: ${{ steps.should-cache.outputs.cache-to }}
216+ # secrets: |
217+ # "oban_key_fingerprint=${{ secrets.OBAN_KEY_FINGERPRINT }}"
218+ # "oban_license_key=${{ secrets.OBAN_LICENSE_KEY }}"
219+ # "IBM_CLOUD_API_KEY=${{ secrets.IBM_CLOUD_API_KEY }}"
220+ # ${{ inputs.docker_secrets }}
221+ # build-args: |-
222+ # SN_GITHUB_NPM_TOKEN=${{ secrets.GHEC_NPM_REGISTRY_TOKEN }}
223+ # SN_GITHUB_NPM_REGISTRY=https://npm.pkg.github.com
223224
224- name : Scan image
225- if : ${{ needs.needs-scan-for-vulnerabilities.outputs.skip == 'false' && inputs.scan_image_enabled && ( github.ref_type != 'tag' || steps.check-ref.outputs.has_alpha == 'false' ) }}
226- uses : ibm-skills-network/action-scan-container-image@main
227- with :
228- image : ${{ inputs.image }}:scan-${{ github.sha }}-${{ github.run_id }}-${{ github.run_attempt }}
229- image_scan_cos_sps_toolchain_api_token : ${{ secrets.CONTAINER_IMAGE_SCAN_RESULT_COS_API_KEY }}
230- fail_if_overdue : ${{ inputs.scan_fail_if_overdue }}
225+ # - name: Scan image
226+ # if: ${{ needs.needs-scan-for-vulnerabilities.outputs.skip == 'false' && inputs.scan_image_enabled && ( github.ref_type != 'tag' || steps.check-ref.outputs.has_alpha == 'false' ) }}
227+ # uses: ibm-skills-network/action-scan-container-image@main
228+ # with:
229+ # image: ${{ inputs.image }}:scan-${{ github.sha }}-${{ github.run_id }}-${{ github.run_attempt }}
230+ # image_scan_cos_sps_toolchain_api_token: ${{ secrets.CONTAINER_IMAGE_SCAN_RESULT_COS_API_KEY }}
231+ # fail_if_overdue: ${{ inputs.scan_fail_if_overdue }}
231232
232233 - name : Check image exist on ICR
233234 id : check-image
0 commit comments