Skip to content

build: make the Docker image building reproducible by using Macaron’s… #583

build: make the Docker image building reproducible by using Macaron’s…

build: make the Docker image building reproducible by using Macaron’s… #583

Triggered via push April 20, 2026 05:53
Status Success
Total duration 45m 48s
Artifacts 5

release.yaml

on: push
Matrix: build / Build Macaron
Waiting for pending jobs
Matrix: check / Build Macaron
build  /  ...  /  build-docker
build / build_docker_image / build-docker
check  /  ...  /  build-docker
15m 48s
check / build_docker_image / build-docker
build  /  ...  /  Analyzing and comparing different versions of an artifact
build / build_docker_image / test-macaron-action / Analyzing and comparing different versions of an artifact
build  /  ...  /  Detecting Java dependencies manually uploaded to Maven Central
build / build_docker_image / test-macaron-action / Detecting Java dependencies manually uploaded to Maven Central
build  /  ...  /  Detecting malicious packages
build / build_docker_image / test-macaron-action / Detecting malicious packages
build  /  ...  /  Exclude and include checks in Macaron
build / build_docker_image / test-macaron-action / Exclude and include checks in Macaron
build  /  ...  /  How to detect vulnerable GitHub Actions
build / build_docker_image / test-macaron-action / How to detect vulnerable GitHub Actions
build  /  ...  /  How to detect vulnerable GitHub Actions
build / build_docker_image / test-macaron-action / How to detect vulnerable GitHub Actions
build  /  ...  /  How to detect vulnerable GitHub Actions
build / build_docker_image / test-macaron-action / How to detect vulnerable GitHub Actions
build  /  ...  /  Provenance discovery, extraction, and verification
build / build_docker_image / test-macaron-action / Provenance discovery, extraction, and verification
check  /  ...  /  Analyzing and comparing different versions of an artifact
1m 23s
check / build_docker_image / test-macaron-action / Analyzing and comparing different versions of an artifact
check  /  ...  /  Detecting malicious packages
2m 58s
check / build_docker_image / test-macaron-action / Detecting malicious packages
check  /  ...  /  How to detect vulnerable GitHub Actions
1m 19s
check / build_docker_image / test-macaron-action / How to detect vulnerable GitHub Actions
check  /  ...  /  Provenance discovery, extraction, and verification
2m 20s
check / build_docker_image / test-macaron-action / Provenance discovery, extraction, and verification
check  /  ...  /  Detecting Java dependencies manually uploaded to Maven Central
46s
check / build_docker_image / test-macaron-action / Detecting Java dependencies manually uploaded to Maven Central
check  /  ...  /  Exclude and include checks in Macaron
2m 36s
check / build_docker_image / test-macaron-action / Exclude and include checks in Macaron
check  /  ...  /  How to detect vulnerable GitHub Actions
50s
check / build_docker_image / test-macaron-action / How to detect vulnerable GitHub Actions
check  /  ...  /  How to detect vulnerable GitHub Actions
1m 4s
check / build_docker_image / test-macaron-action / How to detect vulnerable GitHub Actions
Release
Release
Deploy GitHub pages  /  deploy
Deploy GitHub pages / deploy
Rebase main branch on release  /  rebase
Rebase main branch on release / rebase
Fit to window
Zoom out
Zoom in

Artifacts

Produced during runtime
Name Size Digest
artifact-ubuntu-latest-python-3.11 Expired
60.3 MB
sha256:dcc6e32922f488a317afd26f782a0126dd1bff49a44969039a0af3a7bad65b65
macaron-reports-vulnerable-actions-purl
35.5 KB
sha256:043b6c882d828404e1cd3f7bc494f56d36a2d3096612708f7753b73dc6fbf791
macaron-reports-vulnerable-actions-repo
21 KB
sha256:d8185b69cc199e20dce248b6316a7af5595d5fa76dee18affcda18de25d12642
macaron-test-image Expired
377 MB
sha256:b4c6d4e188e069e56358dcaa5c13dc4355dc9cfc8f7a103af6f8627023dd4772
macaron-vulnerable-actions-fail-diagnosis
22.2 KB
sha256:0afb668d4737332abbde860d2db95043ae6d31d1e6dfcf880750b05254f4f185