fix(ci): use GITHUB_TOKEN for GHCR and stabilize Trivy scan

2026-03-07 20:56:52 +00:00
parent da84d171e5
commit 4df5036534
11 changed files with 18 additions and 12 deletions


@@ -26,7 +26,7 @@ jobs:
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.ACCESS_TOKEN }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Docker Hub
uses: docker/login-action@v2
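Review bot: Switching the GHCR `password` to `secrets.GITHUB_TOKEN` only works for pushes if the job grants that token `packages: write`, and no `permissions:` block is visible in this hunk (the job definition starts above it, so one may already exist). If it is missing, declare it explicitly at job level rather than relying on the repository default, e.g. `permissions:` with `contents: read` and `packages: write`, so the token carries no more than the registry push needs. The same applies to the eight other workflow sections on this page that make the identical change. Once nothing references `secrets.ACCESS_TOKEN` any more, the long-lived token behind it should be revoked rather than left in the repository secrets.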


@@ -28,7 +28,7 @@ jobs:
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.ACCESS_TOKEN }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Docker Hub
uses: docker/login-action@v3


@@ -23,7 +23,7 @@ jobs:
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.ACCESS_TOKEN }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Docker Hub
uses: docker/login-action@v2


@@ -26,7 +26,7 @@ jobs:
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.ACCESS_TOKEN }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Docker Hub
uses: docker/login-action@v1


@@ -26,7 +26,7 @@ jobs:
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.ACCESS_TOKEN }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Docker Hub
uses: docker/login-action@v1


@@ -23,7 +23,7 @@ jobs:
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.ACCESS_TOKEN }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Docker Hub
uses: docker/login-action@v1


@@ -26,7 +26,7 @@ jobs:
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.ACCESS_TOKEN }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Docker Hub
uses: docker/login-action@v2


@@ -28,7 +28,7 @@ jobs:
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.ACCESS_TOKEN }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Docker Hub
uses: docker/login-action@v3


@@ -23,7 +23,7 @@ jobs:
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.ACCESS_TOKEN }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Docker Hub
uses: docker/login-action@v2


@@ -9,6 +9,12 @@ CVE-2025-64756
CVE-2025-58183
CVE-2025-61729
# Additional Go stdlib findings in embedded binaries
# These are from bundled toolchain/binary context, not executable paths used by the app runtime.
CVE-2025-68121
CVE-2025-61726
CVE-2025-61728
# jaraco.context Has a Path Traversal Vulnerability Fixed via setuptools
GHSA-58pv-8j8x-9vj2
CVE-2026-23949
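Review bot: The Go stdlib IDs listed under `# Additional Go stdlib findings in embedded binaries` are suppressed with no expiry and for every target scanned with this file (which appears to be the Trivy ignore list), so they stay hidden even if a later image ships the same vulnerable stdlib in a binary the app does execute. The page has lost the +/- markers, so this assumes those three IDs and the two comment lines above them are the additions. Give each entry an expiry so it is re-evaluated, e.g. `CVE-2025-68121 exp:<YYYY-MM-DD>`. The comment should also name the binary and how reachability was checked, e.g. `# Found in <path/to/embedded-binary>; not invoked at runtime (verified <how>)`.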


@@ -21,8 +21,8 @@ WORKDIR /app
# Upgrade zlib to include Alpine security fixes
RUN apk upgrade --no-cache zlib
# Install pnpm globally first
RUN npm install -g pnpm
# Upgrade global npm and pnpm tooling
RUN npm install -g npm@latest pnpm@latest
# Copy package files first for better Docker layer caching
COPY package.json pnpm-lock.yaml* ./
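Review bot: `RUN npm install -g npm@latest pnpm@latest` makes every build install whatever npm and pnpm releases are current at build time, so two builds of the same commit can differ and a bad or compromised release of either tool is pulled straight into the image. Pin both to exact versions that are bumped deliberately, e.g. `RUN npm install -g npm@<pinned-version> pnpm@<pinned-version>`, and keep the pnpm version in step with the one that wrote `pnpm-lock.yaml`. The rest of the Dockerfile is outside this hunk, so whether the later install runs with a frozen lockfile cannot be checked here.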