Skip to content

feat(ci): publish versioned Docker image with vulnerability scanning #34

Description

@trinhvandat

Context (P1 — delivery)

CI only runs tests. There is no released artifact: no image publish, no image/dependency scanning, no automated dependency updates.

Scope

Acceptance criteria

  • Tagged release produces a pullable GHCR image with semver tags
  • Trivy gate blocks HIGH/CRITICAL vulnerabilities
  • Dependabot opens PRs for Maven/Actions updates
  • Coverage ratchet raised to current actual coverage floor

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions