@@ -3,8 +3,6 @@ name: CI Pipeline - Build and Scan
33on :
44 push :
55 branches : [ main ]
6- pull_request :
7- branches : [ main ]
86 workflow_dispatch :
97
108env :
@@ -14,250 +12,79 @@ env:
1412 AICHAT_CONTAINER_NAME : " aichat"
1513 RELEASE : " latest"
1614
17- permissions :
18- contents : read
19-
2015jobs :
21- # βββββββββββββββββββββββββββββ UI ββββββββββββββββββββββββββββββ
2216 UI :
2317 runs-on : ubuntu-latest
2418 name : UI Build and Scan
2519 steps :
2620 - uses : actions/checkout@v4
27-
28- - name : Build the Docker image
21+ - name : Build Docker image
2922 run : docker build -t ${{ env.UI_CONTAINER_NAME }}:${{ env.RELEASE }} ui/
30-
31- - name : Vision One Container Security Scan
23+ - name : Install TMAS CLI
24+ run : |
25+ curl -f -s -o tmas-cli.tar.gz "https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz"
26+ tar -xzf tmas-cli.tar.gz
27+ chmod +x tmas-cli
28+ sudo mv tmas-cli /usr/local/bin/tmas
29+ name : Scan with TMAS
3230 run : |
33- set -e
34- cd scripts && chmod +x tmas_install.sh && ./tmas_install.sh
3531 export TMAS_API_KEY='${{ secrets.V1_API_KEY }}'
36- IMAGE_TAR="${UI_CONTAINER_NAME}_${RELEASE}.tar"
37- docker save "${UI_CONTAINER_NAME}:${RELEASE}" > "$IMAGE_TAR"
38- tmas scan "docker-archive:$IMAGE_TAR" -VMS --saveSBOM > result.json
39- mv SBOM_* SBOM.json
40- echo "TMAS Scan Result"
41- cat result.json
32+ docker save "${UI_CONTAINER_NAME}:${RELEASE}" > image.tar
33+ tmas scan "docker-archive:image.tar" -VMS
4234
43- name : ' Upload Scan Result Artifact'
44- uses : actions/upload-artifact@v4
45- with :
46- name : container-scan-result-${{ env.UI_CONTAINER_NAME }}
47- path : scripts/result.json
48- retention-days : 30
49-
50- - name : ' Upload SBOM Artifact'
51- uses : actions/upload-artifact@v4
52- with :
53- name : sbom-${{ env.UI_CONTAINER_NAME }}
54- path : scripts/SBOM.json
55- retention-days : 30
56-
57- - name : ' Upload Build Artifact'
58- uses : actions/upload-artifact@v4
59- with :
60- name : ui-container-${{ env.RELEASE }}
61- path : ${{ env.UI_CONTAINER_NAME }}_${{ env.RELEASE }}.tar
62- retention-days : 7
63-
64- # βββββββββββββββββββββββββββββ SDK ββββββββββββββββββββββββββββββ
6535SDK :
6636 runs-on : ubuntu-latest
6737 name : SDK Build and Scan
6838 steps :
6939 - uses : actions/checkout@v4
70-
71- - name : Build the Docker image
40+ - name : Build Docker image
7241 run : docker build -t ${{ env.SDK_CONTAINER_NAME }}:${{ env.RELEASE }} sdk/
73-
74- - name : Vision One Container Security Scan
42+ - name : Install TMAS CLI
43+ run : |
44+ curl -f -s -o tmas-cli.tar.gz "https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz"
45+ tar -xzf tmas-cli.tar.gz
46+ chmod +x tmas-cli
47+ sudo mv tmas-cli /usr/local/bin/tmas
48+ name : Scan with TMAS
7549 run : |
76- set -e
77- cd scripts && chmod +x tmas_install.sh && ./tmas_install.sh
7850 export TMAS_API_KEY='${{ secrets.V1_API_KEY }}'
79- IMAGE_TAR="${SDK_CONTAINER_NAME}_${RELEASE}.tar"
80- docker save "${SDK_CONTAINER_NAME}:${RELEASE}" > "$IMAGE_TAR"
81- tmas scan "docker-archive:$IMAGE_TAR" -VMS --saveSBOM > result.json
82- mv SBOM_* SBOM.json
83- echo "TMAS Scan Result"
84- cat result.json
85-
86- name : ' Upload Scan Result Artifact'
87- uses : actions/upload-artifact@v4
88- with :
89- name : container-scan-result-${{ env.SDK_CONTAINER_NAME }}
90- path : scripts/result.json
91- retention-days : 30
92-
93- - name : ' Upload SBOM Artifact'
94- uses : actions/upload-artifact@v4
95- with :
96- name : sbom-${{ env.SDK_CONTAINER_NAME }}
97- path : scripts/SBOM.json
98- retention-days : 30
51+ docker save "${SDK_CONTAINER_NAME}:${RELEASE}" > image.tar
52+ tmas scan "docker-archive:image.tar" -VMS
9953
100- - name : ' Upload Build Artifact'
101- uses : actions/upload-artifact@v4
102- with :
103- name : sdk-container-${{ env.RELEASE }}
104- path : ${{ env.SDK_CONTAINER_NAME }}_${{ env.RELEASE }}.tar
105- retention-days : 7
106-
107- # βββββββββββββββββββββββββββββ ContainerXDR ββββββββββββββββββββββββββββββ
10854ContainerXDR :
10955 runs-on : ubuntu-latest
11056 name : ContainerXDR Build and Scan
11157 steps :
11258 - uses : actions/checkout@v4
113-
114- - name : Build the Docker image
59+ - name : Build Docker image
11560 run : docker build -t ${{ env.CONTAINERXDR_CONTAINER_NAME }}:${{ env.RELEASE }} containerxdr/
116-
117- - name : Vision One Container Security Scan
61+ - name : Install TMAS CLI
62+ run : |
63+ curl -f -s -o tmas-cli.tar.gz "https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz"
64+ tar -xzf tmas-cli.tar.gz
65+ chmod +x tmas-cli
66+ sudo mv tmas-cli /usr/local/bin/tmas
67+ name : Scan with TMAS
11868 run : |
119- set -e
120- cd scripts && chmod +x tmas_install.sh && ./tmas_install.sh
12169 export TMAS_API_KEY='${{ secrets.V1_API_KEY }}'
122- IMAGE_TAR="${CONTAINERXDR_CONTAINER_NAME}_${RELEASE}.tar"
123- docker save "${CONTAINERXDR_CONTAINER_NAME}:${RELEASE}" > "$IMAGE_TAR"
124- tmas scan "docker-archive:$IMAGE_TAR" -VMS --saveSBOM > result.json
125- mv SBOM_* SBOM.json
126- echo "TMAS Scan Result"
127- cat result.json
128-
129- name : ' Upload Scan Result Artifact'
130- uses : actions/upload-artifact@v4
131- with :
132- name : container-scan-result-${{ env.CONTAINERXDR_CONTAINER_NAME }}
133- path : scripts/result.json
134- retention-days : 30
135-
136- - name : ' Upload SBOM Artifact'
137- uses : actions/upload-artifact@v4
138- with :
139- name : sbom-${{ env.CONTAINERXDR_CONTAINER_NAME }}
140- path : scripts/SBOM.json
141- retention-days : 30
142-
143- - name : ' Upload Build Artifact'
144- uses : actions/upload-artifact@v4
145- with :
146- name : containerxdr-container-${{ env.RELEASE }}
147- path : ${{ env.CONTAINERXDR_CONTAINER_NAME }}_${{ env.RELEASE }}.tar
148- retention-days : 7
70+ docker save "${CONTAINERXDR_CONTAINER_NAME}:${RELEASE}" > image.tar
71+ tmas scan "docker-archive:image.tar" -VMS
14972
150- # βββββββββββββββββββββββββββββ AI Chat ββββββββββββββββββββββββββββββ
15173AIChat :
15274 runs-on : ubuntu-latest
15375 name : AI Chat Build and Scan
15476 steps :
15577 - uses : actions/checkout@v4
156-
157- - name : Build the Docker image
78+ - name : Build Docker image
15879 run : docker build -t ${{ env.AICHAT_CONTAINER_NAME }}:${{ env.RELEASE }} aichat/
159-
160- - name : Vision One Container Security Scan
80+ - name : Install TMAS CLI
16181 run : |
162- set -e
163- cd scripts && chmod +x tmas_install.sh && ./tmas_install.sh
164- export TMAS_API_KEY='${{ secrets.V1_API_KEY }}'
165- IMAGE_TAR="${AICHAT_CONTAINER_NAME}_${RELEASE}.tar"
166- docker save "${AICHAT_CONTAINER_NAME}:${RELEASE}" > "$IMAGE_TAR"
167- tmas scan "docker-archive:$IMAGE_TAR" -VMS --saveSBOM > result.json
168- mv SBOM_* SBOM.json
169- echo "TMAS Scan Result"
170- cat result.json
171-
172- name : ' Upload Scan Result Artifact'
173- uses : actions/upload-artifact@v4
174- with :
175- name : container-scan-result-${{ env.AICHAT_CONTAINER_NAME }}
176- path : scripts/result.json
177- retention-days : 30
178-
179- - name : ' Upload SBOM Artifact'
180- uses : actions/upload-artifact@v4
181- with :
182- name : sbom-${{ env.AICHAT_CONTAINER_NAME }}
183- path : scripts/SBOM.json
184- retention-days : 30
185-
186- - name : ' Upload Build Artifact'
187- uses : actions/upload-artifact@v4
188- with :
189- name : aichat-container-${{ env.RELEASE }}
190- path : ${{ env.AICHAT_CONTAINER_NAME }}_${{ env.RELEASE }}.tar
191- retention-days : 7
192-
193- # βββββββββββββββββββββββββ UNIT TESTS βββββββββββββββββββββββ
194- UnitTests :
195- name : Unit Tests
196- needs : [UI, SDK, ContainerXDR, AIChat]
197- runs-on : ubuntu-latest
198- steps :
199- - uses : actions/checkout@v4
200-
201- - name : Setup Go
202- uses : actions/setup-go@v4
203- with :
204- go-version : ' 1.21'
205-
206- - name : Setup Node.js
207- uses : actions/setup-node@v4
208- with :
209- node-version : ' 18'
210-
211- - name : Test SDK Service
82+ curl -f -s -o tmas-cli.tar.gz "https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz"
83+ tar -xzf tmas-cli.tar.gz
84+ chmod +x tmas-cli
85+ sudo mv tmas-cli /usr/local/bin/tmas
86+ name : Scan with TMAS
21287 run : |
213- echo "π§ͺ Testing SDK service..."
214- cd sdk
215- go mod tidy
216- go test -v ./...
217-
218- - name : Test AI Chat Service
219- run : |
220- echo "π§ͺ Testing AI Chat service..."
221- cd aichat
222- go mod tidy
223- go test -v ./...
224-
225- - name : Test ContainerXDR Service
226- run : |
227- echo "π§ͺ Testing ContainerXDR service..."
228- cd containerxdr
229- go mod tidy
230- go test -v ./...
231-
232- - name : Test UI Dependencies
233- run : |
234- echo "π§ͺ Testing UI dependencies..."
235- cd ui
236- npm ci
237- npm run test --if-present
238-
239- # βββββββββββββββββββββββββ SECURITY SUMMARY βββββββββββββββββββββββ
240- SecuritySummary :
241- name : Security Summary
242- needs : [UI, SDK, ContainerXDR, AIChat]
243- runs-on : ubuntu-latest
244- steps :
245- - uses : actions/checkout@v4
246-
247- - name : Generate Security Report
248- run : |
249- echo "π Security Scan Summary for Boring Paper Co"
250- echo "============================================="
251- echo ""
252- echo "β
All containers built successfully"
253- echo "β
Vision One security scans completed"
254- echo "β
SBOM artifacts generated"
255- echo "β
Container artifacts uploaded"
256- echo ""
257- echo "π Next steps for production:"
258- echo " - Review Vision One scan results"
259- echo " - Address any high/critical vulnerabilities"
260- echo " - Review SBOM for license compliance"
261- echo " - Implement runtime security monitoring"
262- echo ""
263- echo "π Ready for deployment to cloud environments"
88+ export TMAS_API_KEY='${{ secrets.V1_API_KEY }}'
89+ docker save "${AICHAT_CONTAINER_NAME}:${RELEASE}" > image.tar
90+ tmas scan "docker-archive:image.tar" -VMS
0 commit comments