-
Notifications
You must be signed in to change notification settings - Fork 0
63 lines (61 loc) · 2.19 KB
/
build_image.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
on:
workflow_call:
inputs:
docker_build_args:
required: false
type: string
docker_file_path:
required: false
default: "./"
type: string
image_name:
required: true
type: string
static_tag:
required: false
type: string
default: ""
vuln_scan:
required: false
type: boolean
default: false
secrets:
dockerhub_user:
required: true
dockerhub_token:
required: true
jobs:
build_and_push:
runs-on: ubuntu-latest
steps:
- name: Checkout the repo
uses: actions/checkout@v2
- name: Build the image
run: docker build -t ${{ inputs.image_name }}:${{ github.sha }} --build-arg VERSION=${{ github.ref_name }} ${{ inputs.docker_build_args }} ${{ inputs.docker_file_path }}
- name: Scan image for vulnerabilities
uses: anchore/scan-action@v5
with:
image: "${{ inputs.image_name }}:${{ github.sha }}"
fail-build: true
severity-cutoff: "high"
cache-db: true
if: "${{ inputs.vuln_scan }}"
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.dockerhub_user }}
password: ${{ secrets.dockerhub_token }}
- name: Push image with commit SHA
run: docker push ${{ inputs.image_name }}:${{ github.sha }}
- name: Tag image with tag
if: "startsWith(github.ref, 'refs/tags/')"
run: docker tag ${{ inputs.image_name }}:${{ github.sha }} ${{ inputs.image_name }}:${{ github.ref_name }}
- name: Push image with tag
if: "startsWith(github.ref, 'refs/tags/')"
run: docker push ${{ inputs.image_name }}:${{ github.ref_name }}
- name: Tag image with static tag
if: "${{ inputs.static_tag != '' && github.ref == 'refs/heads/main'}}"
run: docker tag ${{ inputs.image_name }}:${{ github.sha }} ${{ inputs.image_name }}:${{ inputs.static_tag }}
- name: Push image with static tag
if: "${{ inputs.static_tag != '' && github.ref == 'refs/heads/main'}}"
run: docker push ${{ inputs.image_name }}:${{ inputs.static_tag }}