Only scan amd64-arch image for vulns (#2176)

* Only scan amd64-arch image for vulns

Addresses [the problem identified here](https://github.com/sartography/spiff-arena/pull/2174#issuecomment-2518118100).

* Add comment for future coders

Explain why we're only building one arch initially.
Bret Mogilefsky 2024-12-05 07:12:11 -08:00 committed by GitHub
parent 17082e9fc1
commit a065266e2f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -103,7 +103,10 @@ jobs:
load: true # Load image to local Docker daemon
tags: ${{ steps.full_tag.outputs.full_tag }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
# While we ultimately push multi-arch images (amd64/arm64) to registries, we don't want to do that before we scan for vulns.
# The Action can only load a single arch image into the local dockerd at a time, so we only build and test one arch here.
# It's pretty likely that any vuln in amd64 is also in arm64, and vice-versa, so the trade-off seems reasonable.
platforms: linux/amd64
cache-from: type=gha
cache-to: type=gha,mode=max
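Review bot: With `platforms: linux/amd64` in this step, the arm64 variant that the comment says is ultimately pushed never passes through the vulnerability scan, and the only justification is the "pretty likely" assumption in the third comment line. Base-image layers and OS packages are resolved per architecture, so the two variants can carry different package versions and therefore different findings. Consider adding a second single-arch build with `platforms: linux/arm64` and `load: true` that feeds the same scan, or scanning the arm64 image after the multi-arch build and before it is promoted. If the gap is accepted, the comment should say outright that arm64 is pushed unscanned, so a later reader does not take a clean scan as covering both architectures. The image scanned here is also a separate build from the multi-arch one that gets pushed, so it would help to note whether the `cache-from: type=gha` cache is expected to make the amd64 layers of the two builds identical.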