From b1901d0c2d5e513b74b1125d6994f8a6f1393e23 Mon Sep 17 00:00:00 2001
From: Waren Gonzaga
Date: Sun, 22 Jun 2025 00:50:21 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=F0=9F=90=9B=20fix:=20update=20release=20wo?= =?UTF-8?q?rkflow?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/release.yml | 21 ++++++++++++---------
 package.json | 2 +-
 2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 625afd6..d0fbbc4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,11 +13,20 @@ jobs:
 name: Build Production Images
 runs-on: ubuntu-latest
 if: startsWith(github.ref, 'refs/tags/')
+ permissions:
+ contents: read
+ packages: write
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_HUB_USERNAME }}
+ password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
 - name: Setup Docker Buildx
 uses: docker/setup-buildx-action@v3
 with:
@@ -25,12 +34,6 @@ jobs:
 endpoint: "wgtechlabs/unthread-bot-builder"
 install: true
- - name: Login to Docker Hub
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.DOCKER_HUB_USERNAME }}
- password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
-
 - name: Login to GitHub Container Registry
 uses: docker/login-action@v3
 with:
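Review bot: The `permissions:` block added in the `@@ -13,11 +13,20 @@` hunk omits `security-events: write`, which `github/codeql-action/upload-sarif@v3` needs in order to publish results; once a job declares `permissions:`, every scope it does not list is set to `none`. If the SARIF upload step changed later in this patch belongs to the same job (the job body continues outside the hunk, so this is inferred), the upload will be rejected; add `security-events: write` beneath `packages: write`. The relocated `docker/login-action@v3` step receives the Docker Hub token while being referenced by a mutable tag, so pinning it as `docker/login-action@<full-commit-sha> # v3` would keep a retagged release from running with those secrets.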
@@ -90,12 +93,12 @@ jobs:
 org.opencontainers.image.revision=${{ github.sha }}
 org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
 org.opencontainers.image.url=${{ github.server_url }}/${{ github.repository }}
- org.opencontainers.image.licenses=GPL-3.0
- cache-from: type=gha
+ org.opencontainers.image.licenses=GPL-3.0 cache-from: type=gha
 cache-to: type=gha,mode=max
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@0.28.0
+ continue-on-error: true
 with:
 image-ref: ${{ env.REGISTRY_DOCKERHUB }}:${{ steps.version.outputs.version }}
 format: 'sarif'
@@ -103,7 +106,7 @@ jobs:
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@v3
- if: always()
+ if: always() && hashFiles('trivy-results.sarif') != ''
 with:
 sarif_file: 'trivy-results.sarif'
diff --git a/package.json b/package.json
index c6d0977..de5b8c6 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "unthread-webhook-server",
- "version": "1.0.0-beta.2",
+ "version": "1.0.0-beta.3",
 "description": "A Node.js server application that receives webhook events from Unthread.io and queues them for processing.",
 "license": "GPL-3.0",
 "private": true,
From f11ef35d5e2cbe007fafa5579659afa0d628c06b Mon Sep 17 00:00:00 2001
From: Waren Gonzaga
Date: Sun, 22 Jun 2025 00:52:22 +0800
Subject: [PATCH 2/2] Update .github/workflows/release.yml
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .github/workflows/release.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d0fbbc4..ee66ba5 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
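Review bot: `continue-on-error: true` on the Trivy step (PATCH 1/2, hunk `@@ -90,12 +93,12 @@`) combined with the `hashFiles('trivy-results.sarif') != ''` guard on the upload step (hunk `@@ -103,7 +106,7 @@`) lets a release finish green with no scan recorded at all. If the scanner stops for an operational reason, such as a failed image pull or vulnerability-database download, the job continues, no SARIF file exists, and the upload is skipped without any signal in the run or the Security tab. Consider dropping `continue-on-error` and expressing the findings policy through the action's `exit-code` input, or add a follow-up step guarded by `if: hashFiles('trivy-results.sarif') == ''` that runs `echo "::warning::Trivy produced no SARIF; image was not scanned"`. The Trivy step's `with:` block continues outside the hunk, so whether `exit-code` or `severity` is already set cannot be seen here.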
@@ -93,7 +93,8 @@ jobs:
 org.opencontainers.image.revision=${{ github.sha }}
 org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
 org.opencontainers.image.url=${{ github.server_url }}/${{ github.repository }}
- org.opencontainers.image.licenses=GPL-3.0 cache-from: type=gha
+ org.opencontainers.image.licenses=GPL-3.0
+ cache-from: type=gha
 cache-to: type=gha,mode=max
 - name: Run Trivy vulnerability scanner