1 file changed +36 -0 lines changed
@@ -18,8 +18,24 @@ permissions:
1818 id-token : write
1919
2020jobs :
21+ av_database :
22+ name : Download AV database
23+ runs-on : ubuntu-22.04
24+ steps :
25+ - name : Install clamav and update databases
26+ run : |
27+ sudo apt-get update -y
28+ sudo apt-get -y --no-install-recommends install clamav ca-certificates
29+ sudo systemctl stop clamav-freshclam.service
30+ sudo freshclam
31+ - name : Cache clamav databases
32+ uses : actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
33+ with :
34+ path : /var/lib/clamav
35+ key : clamav-${{ github.run_id }}
2136 image :
2237 name : Build image
38+ needs : av_database
2339 runs-on : ubuntu-22.04
2440 permissions :
2541 contents : read
6783 scan-type : image
6884 image-ref : ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }}
6985 exit-code : 1
86+ - name : Prepare cache directory
87+ run : |
88+ sudo mkdir -p /var/lib/clamav
89+ sudo chmod a+rwx /var/lib/clamav
90+ - name : Retrieve AV database
91+ uses : actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
92+ with :
93+ path : /var/lib/clamav
94+ key : clamav-${{ github.run_id }}
95+ - name : Malware scan
96+ env :
97+ FULL_IMAGE : ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }}
98+ IMG_FILE : ${{ matrix.image }}-${{ inputs.image_tag }}.tar
99+ run : |
100+ sudo apt-get update -y
101+ sudo apt-get -y --no-install-recommends install clamav ca-certificates
102+ sudo systemctl stop clamav-freshclam.service
103+ sudo freshclam
104+ docker save $FULL_IMAGE -o $IMG_FILE
105+ clamscan $IMG_FILE
70106 - name : Test image base layer
71107 # Don't run base layer check for selected images
72108 if : ${{ !contains(fromJson(env.no_base_check), matrix.image) }}
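Review bot: The `clamscan $IMG_FILE` call in the Malware scan step runs with ClamAV's default size, file-count and recursion limits, and content beyond those limits is skipped without an alert, so a large image tarball can pass the step while only partly scanned. Set the limits explicitly for the expected image sizes and make over-limit content fail the step, e.g. `clamscan --alert-exceeds-max=yes --max-filesize=<LIMIT> --max-scansize=<LIMIT> "$IMG_FILE"`, with the limit values chosen for your images. The variables should also be quoted in `docker save "$FULL_IMAGE" -o "$IMG_FILE"`, since both are built from matrix and input values. The Retrieve AV database step has no `fail-on-cache-miss: true`, so a missing database cache would go unnoticed and every matrix job would fall back to the `freshclam` download.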