From 3887ac8686e2944d75e5ae7ab2275e5d1bccda7d Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 21 Mar 2024 20:31:54 +0000
Subject: [PATCH 1/2] fix: Dockerfile to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE317-CURL-3320725
- https://snyk.io/vuln/SNYK-ALPINE317-CURL-5958910
- https://snyk.io/vuln/SNYK-ALPINE317-CURL-5958910
- https://snyk.io/vuln/SNYK-ALPINE317-LIBWEBP-5902239
- https://snyk.io/vuln/SNYK-ALPINE317-NGHTTP2-5954769
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 7f662e2..0440e4f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,7 +14,7 @@ WORKDIR /opt/blog-search/blog
 RUN hugo
 # Serve the site
-FROM nginx:1.23.3-alpine AS server
+FROM nginx:1.25.4-alpine AS server
 COPY --from=builder /opt/blog-search/blog/public/ /var/www/html/public/
 EXPOSE 6443/tcp
 CMD ["/usr/sbin/nginx", "-g", "daemon off;"]
From 871c940714a95c988dd13fc5f1a531faf1ef2ff8 Mon Sep 17 00:00:00 2001
From: Duck <70207455+entlein@users.noreply.github.com>
Date: Thu, 28 Mar 2024 16:33:45 +0100
Subject: [PATCH 2/2] Update publish-image.yml
---
 .github/workflows/publish-image.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/publish-image.yml b/.github/workflows/publish-image.yml
index 4c3c9e2..794a6f4 100644
--- a/.github/workflows/publish-image.yml
+++ b/.github/workflows/publish-image.yml
@@ -43,7 +43,7 @@ jobs:
 - name: Build an image from Dockerfile
 run: |
- docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} -f Dockerfile1 .
+ docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} -f Dockerfile .
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@master
@@ -61,6 +61,9 @@ jobs:
 with:
 sarif_file: 'trivy-results.sarif'
+ - name: Push the image if scan passes
+ run: |
+ docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
 # - name: Build and push Docker image
 # uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
@@ -68,4 +71,4 @@ jobs:
 # context: .
 # push: true
 # tags: ${{ steps.meta.outputs.tags }}
- # labels: ${{ steps.meta.outputs.labels }}
\ No newline at end of file
+ # labels: ${{ steps.meta.outputs.labels }}
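Review bot: The new "Push the image if scan passes" step is gated only by step order, so whether it really waits for a clean scan depends on the Trivy step's inputs, which lie outside this hunk; the `sarif_file:` upload on the context lines above suggests the scanner runs in report mode, where the action's `exit-code` defaults to `'0'` and the job continues whatever Trivy finds. If that is the configuration, the push runs with unaddressed findings and the step name is misleading. Make the gate explicit by setting `exit-code: '1'` (and, if only the serious findings should block, `severity: 'CRITICAL,HIGH'`) under the scanner step's `with:`, so a failed scan stops the job before this step. The job and its earlier steps (presumably including registry login, and the build at line 43) start outside this hunk, and since the gate now rests on `aquasecurity/trivy-action@master`, pinning that action to a tag or commit SHA as the commented-out build-push-action step already does would make the gate itself reproducible.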