-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Create composite actions to build and scan image
- Loading branch information
1 parent
6931d1a
commit 9377936
Showing
8 changed files
with
96 additions
and
56 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| name: "Build and Verify Image" | ||
| description: Common action to build and verify SimpleRisk Docker images | ||
|
|
||
| inputs: | ||
| image_tag: | ||
| description: "Tag used to build the image" | ||
| context_path: | ||
| description: "Path to context" | ||
| dockerfile_path: | ||
| description: "Path to Dockerfile" | ||
|
|
||
| runs: | ||
| using: "composite" | ||
| steps: | ||
| - uses: docker/setup-buildx-action@v3 | ||
| - name: Build Docker container | ||
| uses: docker/build-push-action@v5 | ||
| with: | ||
| context: ${{inputs.context_path}} | ||
| file: ${{inputs.dockerfile_path}} | ||
| tags: ${{inputs.image_tag}} | ||
| - name: Scan vulnerabilities with Grype | ||
| uses: anchore/[email protected] | ||
| with: | ||
| image: ${{inputs.image_tag}} | ||
| only-fixed: true | ||
| severity-cutoff: critical |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| name: Full checkup for SimpleRisk Docker images | ||
|
|
||
| on: | ||
| pull_request: | ||
| branches: [ master ] | ||
|
|
||
| env: | ||
| IMAGE_TAG: "simplerisk/simplerisk:testing" | ||
| CONTEXT_PATH: "simplerisk/" | ||
| DOCKERFILE_PATH: "simplerisk/jammy/Dockerfile" | ||
| DOCKLE_HOST: "unix:///var/run/docker.sock" | ||
|
|
||
| jobs: | ||
| simplerisk-minimal-php81: | ||
| name: 'Verify simplerisk/simplerisk image based on Ubuntu 22.04 (Jammy)' | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/[email protected] | ||
| - name: Build and Verify Image | ||
| uses: ./.github/actions/build-and-verify-image | ||
| with: | ||
| image_tag: "${{ env.IMAGE_TAG }}" | ||
| context_path: "${{ env.CONTEXT_PATH }}" | ||
| dockerfile_path: "${{ env.DOCKERFILE_PATH }}" | ||
| # Having issues using this on the composite action above | ||
| - name: Run linter with Dockle | ||
| uses: erzz/[email protected] | ||
| with: | ||
| image: ${{inputs.image_tag}} | ||
| failure-threshold: FATAL | ||
| dockle-host: "unix:///var/run/docker.sock" |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| name: Full checkup for SimpleRisk Docker images | ||
|
|
||
| on: | ||
| pull_request: | ||
| branches: [ master ] | ||
|
|
||
| env: | ||
| IMAGE_TAG: "simplerisk/simplerisk-minimal:testing" | ||
| CONTEXT_PATH: "simplerisk-minimal/" | ||
| DOCKERFILE_PATH: "simplerisk-minimal/php81/Dockerfile" | ||
| DOCKLE_HOST: "unix:///var/run/docker.sock" | ||
|
|
||
| jobs: | ||
| simplerisk-minimal-php81: | ||
| name: 'Verify simplerisk/simplerisk-minimal image based on php:8.1-apache' | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/[email protected] | ||
| - name: Build and Verify Image | ||
| uses: ./.github/actions/build-and-verify-image | ||
| with: | ||
| image_tag: "${{ env.IMAGE_TAG }}" | ||
| context_path: "${{ env.CONTEXT_PATH }}" | ||
| dockerfile_path: "${{ env.DOCKERFILE_PATH }}" | ||
| # Having issues using this on the composite action above | ||
| - name: Run linter with Dockle | ||
| uses: erzz/[email protected] | ||
| with: | ||
| image: ${{inputs.image_tag}} | ||
| failure-threshold: FATAL | ||
| dockle-host: "unix:///var/run/docker.sock" |