Skip to content

[DDO-3655]: Bump tailwindcss from 3.4.10 to 3.4.16 #770

[DDO-3655]: Bump tailwindcss from 3.4.10 to 3.4.16

[DDO-3655]: Bump tailwindcss from 3.4.10 to 3.4.16 #770

name: Dependabot Build Check
# The purpose of the workflow is to check that the Docker build succeeds and doesn't have
# new vulnerabilities. It only runs on Dependabot PRs because for human PRs we want the
# tag and publish capability of the main build job.
on:
pull_request:
branches:
- main
jobs:
dependabot-build:
runs-on: ubuntu-latest
if: ${{ github.actor == 'dependabot[bot]' }}
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build image
uses: docker/build-push-action@v6
with:
push: false
load: true
tags: |
${{ github.event.repository.name }}
cache-from: type=gha
- name: Run Trivy vulnerability scanner
uses: broadinstitute/dsp-appsec-trivy-action@v1
with:
image: ${{ github.event.repository.name }}