
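---
# Builds the welcome-app container image on every push to main, then rewrites
# the image tag in the Aadeshkale/kube-cd deployment manifest and pushes that
# change with a dedicated PAT (`cd_token`).
#
# NOTE(review): every image-scanning step below is commented out, so despite
# the workflow name nothing is scanned before the new tag is promoted.
# NOTE(review): `push: false` + `load: true` only loads the image into the
# runner's local Docker daemon; the tag written into deployment.yaml is never
# pushed to a registry, so a cluster cannot pull it. Confirm where the image
# is supposed to be published before relying on this workflow end to end.
name: build scan workflow

on:
  push:
    branches:
      - main

# Least privilege for the automatic GITHUB_TOKEN: this job only needs to read
# its own repository. The cross-repo push uses `secrets.cd_token`, which is
# scoped to the single step that needs it (see "Update image tags") instead of
# being exposed as a workflow-wide env var to every step and third-party action.
permissions:
  contents: read

env:
  # `current_branch` and `sha` are not read by any visible step; kept for
  # compatibility with whatever else may consume them.
  current_branch: ${{ github.ref }}
  job_id: ${{ github.run_number }}
  sha: ${{ github.sha }}

jobs:
  build:
    name: Build Image
    runs-on: ubuntu-latest
    environment: dev
    steps:
      # TODO(review): pin third-party actions to a full commit SHA rather than a
      # mutable tag, so a retargeted or compromised release cannot change what runs.
      - uses: actions/checkout@v3
        with:
          # Nothing later in this job pushes to *this* repository, so do not
          # leave GITHUB_TOKEN persisted in .git/config for later steps.
          persist-credentials: false

      - name: git-checkout
        run: |
          echo "git-checkout done"

      # IMG_TAG = first 6 hex chars of the commit SHA + run number, e.g. a1b2c3-42.
      # Both inputs are runner-provided, not user-controlled.
      - name: create a custom tag
        run: |
          set -euo pipefail
          echo "IMG_TAG=${GITHUB_SHA:0:6}-${job_id}" >> "$GITHUB_ENV"

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          push: false
          tags: welcome-app:${{ env.IMG_TAG }}, welcome-app:latest
          load: true

      # Image Scan -- all three variants are disabled. If one is re-enabled:
      #   * drop `if: always()` -- it would run the scan even after a failed build;
      #   * pin trivy-action to a release, not `@master` (mutable branch ref);
      #   * the ksoc action ref below looks garbled in this copy -- verify it.
      # - name: Scan for vulnerabilities with KSOC
      #   if: always() # run this step always
      #   uses: ksoclabs/[email protected]
      #   with:
      #     fail_on_severity: critical
      #     image: welcome-app:${{ env.IMG_TAG }}
      # - name: Scan for vulnerabilities with crazy-max
      #   if: always() # run this step always
      #   uses: crazy-max/ghaction-container-scan@v3
      #   with:
      #     image: welcome-app:${{ env.IMG_TAG }}
      #     severity_threshold: HIGH
      #     dockerfile: ./Dockerfile
      # - name: Scan for vulnerabilities with Trivy
      #   uses: aquasecurity/trivy-action@master
      #   with:
      #     image-ref: welcome-app:${{ env.IMG_TAG }}
      #     format: 'table'
      #     exit-code: '1'
      #     ignore-unfixed: true
      #     vuln-type: 'os,library'
      #     severity: 'CRITICAL,HIGH'

      - name: Update image tags
        env:
          # Secret is scoped to this step and read as a shell variable; it is
          # never templated into the script text with ${{ }}.
          CD_TOKEN: ${{ secrets.cd_token }}
        run: |
          set -euo pipefail
          git config --global user.email "[email protected]"
          git config --global user.name "dev-user"
          # The token is embedded in the clone URL and therefore lands in the
          # clone's .git/config; it is scrubbed from the remote after the push.
          git clone "https://Aadeshkale:${CD_TOKEN}@github.com/Aadeshkale/kube-cd"
          cd kube-cd
          # Replaces the value of every `image:` line in deployment.yaml. Uses
          # the shell variable rather than ${{ env.IMG_TAG }} so no expression
          # is interpolated into the command text.
          sed -i "s|image:.*|image: welcome-app:${IMG_TAG}|" deployment.yaml
          git add deployment.yaml
          git commit -m "Tag updated by gitaction workflow"
          git push
          git remote set-url origin "https://github.com/Aadeshkale/kube-cd"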