.github/workflows/anchore-analysis.yml


name: Anchore Container Scan

on:
  schedule:
    # launch analysis every day on develop (shall be launch after snapshot build)
    - cron:  '0 1 * * *'
  workflow_dispatch:

permissions:
  contents: read

jobs:
  Anchore-Build-Scan:
    permissions:
      contents: read  # for actions/checkout to fetch code
      security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
    runs-on: ubuntu-latest
    steps:
    - name: Checkout the code
      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
    - name: Pull docker images 
      run: | 
        docker pull lfeoperatorfabric/of-cards-consultation-service:SNAPSHOT
        docker pull lfeoperatorfabric/of-cards-publication-service:SNAPSHOT
        docker pull lfeoperatorfabric/of-users-service:SNAPSHOT
        docker pull lfeoperatorfabric/of-businessconfig-service:SNAPSHOT
        docker pull lfeoperatorfabric/of-external-devices-service:SNAPSHOT
        docker pull lfeoperatorfabric/of-cards-external-diffusion-service:SNAPSHOT
        docker pull lfeoperatorfabric/of-cards-reminder:SNAPSHOT
        docker pull lfeoperatorfabric/of-supervisor:SNAPSHOT
        docker pull lfeoperatorfabric/of-web-ui:SNAPSHOT
    - name: Analyse card consultation 
      uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3.6.4
      with:
        image: "lfeoperatorfabric/of-cards-consultation-service:SNAPSHOT"
        acs-report-enable: true
        fail-build: false
    - name: Upload Anchore Scan Report for cards-consultation
      uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
      with:
        sarif_file: results.sarif
        category: consultation
    - name: Analyse card publication 
      uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3.6.4
      with:
        image: "lfeoperatorfabric/of-cards-publication-service:SNAPSHOT"
        acs-report-enable: true
        fail-build: false
    - name: Upload Anchore Scan Report for cards-publication
      uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
      with:
        sarif_file: results.sarif
        category: publication
    - name: Analyse users 
      uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3.6.4
      with:
        image: "lfeoperatorfabric/of-users-service:SNAPSHOT"
        acs-report-enable: true
        fail-build: false
    - name: Upload Anchore Scan Report for users
      uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
      with:
        sarif_file: results.sarif
        category: users
    - name: Analyse businessConfig 
      uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3.6.4
      with:
        image: "lfeoperatorfabric/of-businessconfig-service:SNAPSHOT"
        acs-report-enable: true
        fail-build: false
    - name: Upload Anchore Scan Report for businessConfig
      uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
      with:
        sarif_file: results.sarif
        category: businessconfig
    - name: Analyse external-devices 
      uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3.6.4
      with:
        image: "lfeoperatorfabric/of-external-devices-service:SNAPSHOT"
        acs-report-enable: true
        fail-build: false
    - name: Upload Anchore Scan Report for external devices
      uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
      with:
        sarif_file: results.sarif
        category: external-devices
    - name: Analyse web-ui
      uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3.6.4
      with:
        image: "lfeoperatorfabric/of-web-ui:SNAPSHOT"
        acs-report-enable: true
        fail-build: false
    - name: Upload Anchore Scan Report for web-ui
      uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
      with:
        sarif_file: results.sarif
        category: web-ui
    - name: Analyse external-diffusion
      uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3.6.4
      with:
        image: "lfeoperatorfabric/of-cards-external-diffusion-service:SNAPSHOT"
        acs-report-enable: true
        fail-build: false
    - name: Upload Anchore Scan Report for external-diffusion
      uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
      with:
        sarif_file: results.sarif
        category: external-diffusion
    - name: Analyse cards reminder 
      uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3.6.4
      with:
        image: "lfeoperatorfabric/of-cards-reminder:SNAPSHOT"
        acs-report-enable: true
        fail-build: false
    - name: Upload Anchore Scan Report for cards-reminder
      uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
      with:
        sarif_file: results.sarif
        category: cards-reminder
    - name: Analyse supervisor 
      uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3.6.4
      with:
        image: "lfeoperatorfabric/of-supervisor:SNAPSHOT"
        acs-report-enable: true
        fail-build: false
    - name: Upload Anchore Scan Report for supervisor
      uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
      with:
        sarif_file: results.sarif
        category: supervisor