Set password reset link expiration time to 1h #215

Workflow file for this run

	name: Docker build

	on:
	pull_request:
	branches: ["main", "develop", "release/*"]

	permissions: read-all

	jobs:
	docker:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	steps:
	- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
	with:
	persist-credentials: false

	- name: Docker version
	run: docker --version

	- name: Build API image
	run: \|
	IMAGE=dnsapi
	make build_api_image IMAGE=${IMAGE}
	echo "DNS_API_IMAGE=${IMAGE}" >> $GITHUB_ENV

	- name: Run Trivy vulnerability scanner - DNS API
	id: trivy_api
	continue-on-error: true
	uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # v0.34.2
	with:
	image-ref: ${{ env.DNS_API_IMAGE }}
	trivy-config: ./.github/trivy.yaml

	- name: Build Proxy image
	run: \|
	IMAGE=dnsproxy
	make build_proxy_image IMAGE=${IMAGE}
	echo "DNS_PROXY_IMAGE=${IMAGE}" >> $GITHUB_ENV

	- name: Run Trivy vulnerability scanner - DNS Proxy
	id: trivy_proxy
	continue-on-error: true
	uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # v0.34.2
	with:
	image-ref: ${{ env.DNS_PROXY_IMAGE }}
	trivy-config: ./.github/trivy.yaml

	- name: Build Frontend image
	run: \|
	IMAGE=dnswebapp
	make build_frontend_image IMAGE=${IMAGE}
	echo "DNS_FRONTEND_IMAGE=${IMAGE}" >> $GITHUB_ENV

	- name: Run Trivy vulnerability scanner - DNS Frontend
	id: trivy_frontend
	continue-on-error: true
	uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # v0.34.2
	with:
	image-ref: ${{ env.DNS_FRONTEND_IMAGE }}
	trivy-config: ./.github/trivy.yaml

	- name: Build DNS blocklists image
	run: \|
	IMAGE=dnsblocklists
	make build_blocklists_image IMAGE=${IMAGE}
	echo "DNS_BLOCKLISTS_IMAGE=${IMAGE}" >> $GITHUB_ENV

	- name: Run Trivy vulnerability scanner - DNS blocklists
	id: trivy_blocklists
	continue-on-error: true
	uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # v0.34.2
	with:
	image-ref: ${{ env.DNS_BLOCKLISTS_IMAGE }}
	trivy-config: ./.github/trivy.yaml

	- name: Build DNS check image
	run: \|
	IMAGE=dnscheck
	make build_dnscheck_image IMAGE=${IMAGE}
	echo "DNS_CHECK_IMAGE=${IMAGE}" >> $GITHUB_ENV

	- name: Run Trivy vulnerability scanner - DNS check
	id: trivy_dnscheck
	continue-on-error: true
	uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # v0.34.2
	with:
	image-ref: ${{ env.DNS_CHECK_IMAGE }}
	trivy-config: ./.github/trivy.yaml

	- name: Trivy scan summary
	if: >-
	steps.trivy_api.outcome == 'failure' \|\|
	steps.trivy_proxy.outcome == 'failure' \|\|
	steps.trivy_frontend.outcome == 'failure' \|\|
	steps.trivy_blocklists.outcome == 'failure' \|\|
	steps.trivy_dnscheck.outcome == 'failure'
	run: \|
	echo "## :warning: Trivy vulnerability scan findings" >> $GITHUB_STEP_SUMMARY
	echo "" >> $GITHUB_STEP_SUMMARY
	echo "The following images have HIGH/CRITICAL vulnerabilities:" >> $GITHUB_STEP_SUMMARY
	echo "" >> $GITHUB_STEP_SUMMARY
	[ "${{ steps.trivy_api.outcome }}" = "failure" ] && echo "- DNS API (dnsapi)" >> $GITHUB_STEP_SUMMARY
	[ "${{ steps.trivy_proxy.outcome }}" = "failure" ] && echo "- DNS Proxy (dnsproxy)" >> $GITHUB_STEP_SUMMARY
	[ "${{ steps.trivy_frontend.outcome }}" = "failure" ] && echo "- DNS Frontend (dnswebapp)" >> $GITHUB_STEP_SUMMARY
	[ "${{ steps.trivy_blocklists.outcome }}" = "failure" ] && echo "- DNS Blocklists (dnsblocklists)" >> $GITHUB_STEP_SUMMARY
	[ "${{ steps.trivy_dnscheck.outcome }}" = "failure" ] && echo "- DNS Check (dnscheck)" >> $GITHUB_STEP_SUMMARY
	echo "" >> $GITHUB_STEP_SUMMARY
	echo "Review the Trivy scan steps above for details. Consider creating a separate PR to upgrade affected dependencies." >> $GITHUB_STEP_SUMMARY

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Set password reset link expiration time to 1h #215

Workflow file

Set password reset link expiration time to 1h #215

Uh oh!

Workflow file for this run