
ci: Update per Q3 audit findings (#159) #50


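# Builds the auth-layer-proxy image and pushes it to GitHub Container Registry
# on every push to main, or on a manual dispatch.
name: Release Integration Environment

on:
  push:
    branches: [main]
  workflow_dispatch:

defaults:
  run:
    shell: bash

# Token scope for GITHUB_TOKEN. `packages: write` is what allows the push to
# ghcr.io; nothing else is granted beyond read access to the repository.
# NOTE(review): if more jobs are added later, move `packages: write` down to
# the publish job so the new jobs do not inherit it.
permissions:
  contents: read
  packages: write

env:
  OWNER: hashgraph
  REGISTRY: ghcr.io

jobs:
  publish:
    name: Publish
    # NOTE(review): the label looks like a custom or self-hosted runner group;
    # if the runner is not ephemeral, leftover credentials and host networking
    # (both flagged below) matter more. Confirm.
    runs-on: smart-contracts-linux-medium
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the release each SHA corresponds to.
      - name: Harden Runner
        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
        with:
          # `audit` only records outbound connections; it does not block any.
          # Once the audit data gives a stable endpoint list, switch to
          # `egress-policy: block` with an explicit `allowed-endpoints` list.
          egress-policy: audit

      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # No later step runs git against the remote, so do not leave the
          # token in .git/config where subsequent steps could read it.
          persist-credentials: false

      - name: Login to GitHub Container Registry
        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Docker Qemu
        uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3.1.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
        with:
          # NOTE(review): host networking puts the BuildKit container in the
          # runner's network namespace, so build steps can reach services
          # bound to the runner's localhost. Confirm it is still required and
          # remove it if not.
          driver-opts: network=host

      - name: Build and push images
        uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
        with:
          context: ./auth-layer-proxy
          file: ./auth-layer-proxy/Dockerfile
          cache-from: type=gha
          # `mode=max` exports intermediate layers to the Actions cache as
          # well. The Dockerfile is not visible here; verify that no build
          # stage writes secrets into a layer.
          cache-to: type=gha,mode=max
          platforms: linux/amd64
          push: true
          # Mutable tag: every run overwrites it. Consumers that need a fixed
          # image should pin by digest rather than by this tag.
          tags: ${{ env.REGISTRY }}/${{ github.repository }}:auth-layer-proxy-main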