Enhancement: Add CVE scanning to the release-docker-images.yml workflow #3054

@JohnHalleyGotway

Describe the Enhancement

Issue dtcenter/MET#3198 added CVE scanning to the MET release-docker-images.yml workflow. This issue is to make the same change for METplus. This issue includes:

  1. Adding a call to grype in the existing release-docker-images.yml workflow to scan for CVEs.
  2. Enhancing it to support a matrix of versions so that a single run can recreate images for multiple versions.
  3. Creating a Docker Hub token to push images with GitHub actions to the dtcenter/METplus Docker Hub repository.
  4. Updating the METplus Release Guide to add another step when creating official and bugfix releases to review and update the list of software versions that are automatically recreated by the release-docker-images.yml workflow.

Time Estimate

4 hours.

Sub-Issues

Consider breaking the enhancement down into sub-issues.

Relevant Deadlines

List relevant project deadlines here or state NONE.

Funding Source

PRJ013851 AF METPLUS 2771025

Define the Metadata

Assignee

  • Select engineer(s) or no engineer required
  • Select scientist(s) or no scientist required

Labels

  • Review default alert labels
  • Select component(s)
  • Select priority
  • Select requestor(s)

Milestone and Projects

  • Select Milestone as a METplus-Wrappers-X.Y.Z version, Consider for Next Release, or Backlog of Development Ideas
  • For a METplus-Wrappers-X.Y.Z version, select the METplus-Wrappers-X.Y.Z Development project

Define Related Issue(s)

Consider the impact to the other METplus components.

Enhancement Checklist

See the METplus Workflow for details.

  • Complete the issue definition above, including the Time Estimate and Funding Source.
  • Fork this repository or create a branch of develop.
    Branch name: feature_<Issue Number>_<Description>
  • Complete the development and test your changes.
  • Add/update log messages for easier debugging.
  • Add/update unit tests.
  • Add/update documentation.
  • Add any new Python packages to the METplus Components Python Requirements table.
  • For any new datasets, an entry to the METplus Verification Datasets Guide.
  • Push local changes to GitHub.
  • Submit a pull request to merge into develop.
    Pull request: feature <Issue Number> <Description>
  • Define the pull request metadata, as permissions allow.
    Select: Reviewer(s) and Development issue
    Select: Milestone as the next official version
    Select: METplus-Wrappers-X.Y.Z Development project for development toward the next official release
  • Iterate until the reviewer(s) accept and merge your changes.
  • Delete your fork or branch.
  • Close this issue.
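
The first three items of the enhancement description (grype scan, version matrix, Docker Hub token), sketched as a GitHub Actions workflow that scans each rebuilt image before it is pushed. This is an added example, not the METplus project's release-docker-images.yml; the version list, tag format, Dockerfile path, lowercase image name, secret names and the `high` severity cutoff are assumptions.

```yaml
# Added sketch, not the METplus project's workflow. Versions, Dockerfile path,
# tag format, secret names and severity cutoff are placeholders/assumptions.
name: release-docker-images (example)
on:
  workflow_dispatch:
permissions:
  contents: read
jobs:
  rebuild:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false                 # a finding in one version must not cancel the others
      matrix:
        version: ["X.Y.Z", "X.Y.W"]    # placeholder list, reviewed at each release
    steps:
      - uses: actions/checkout@v4
        with:
          ref: v${{ matrix.version }}  # assumed release tag format
      - name: Build image locally (no push yet)
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile           # hypothetical path
          load: true                   # keep the image in the local daemon for scanning
          tags: dtcenter/metplus:${{ matrix.version }}
      - name: Scan for CVEs with grype
        uses: anchore/scan-action@v4
        with:
          image: dtcenter/metplus:${{ matrix.version }}
          fail-build: true             # stop before the push step on findings
          severity-cutoff: high        # assumed threshold
          output-format: table
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}  # hypothetical secret name
          password: ${{ secrets.DOCKERHUB_TOKEN }}     # access token, not the account password
      - name: Push scanned image
        run: docker push dtcenter/metplus:${{ matrix.version }}
```

Placing the login and push steps after the scan means a matrix entry that fails the cutoff never reaches Docker Hub, while the other versions still complete.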

Metadata

Type

No type

Projects

Status

🏁 Done

Milestone

Relationships

None yet

Development

No branches or pull requests
