[DDO-3655]: Bump tailwindcss from 3.4.10 to 3.4.16 #770
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Dependabot Build Check | |
# The purpose of the workflow is to check that the Docker build succeeds and doesn't have | |
# new vulnerabilities. It only runs on Dependabot PRs because for human PRs we want the | |
# tag and publish capability of the main build job. | |
on: | |
pull_request: | |
branches: | |
- main | |
jobs: | |
dependabot-build: | |
runs-on: ubuntu-latest | |
if: ${{ github.actor == 'dependabot[bot]' }} | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build image | |
uses: docker/build-push-action@v6 | |
with: | |
push: false | |
load: true | |
tags: | | |
${{ github.event.repository.name }} | |
cache-from: type=gha | |
- name: Run Trivy vulnerability scanner | |
uses: broadinstitute/dsp-appsec-trivy-action@v1 | |
with: | |
image: ${{ github.event.repository.name }} |