Removed context and added build with export to docker to make image a…

…vailable to docker client for Trivy
nmofonseca · Jun 1, 2024 · 5818de4 · 5818de4
1 parent 7e15365
commit 5818de4
Showing 1 changed file with 30 additions and 19 deletions.
diff --git a/.github/workflows/image-build.yml b/.github/workflows/image-build.yml
@@ -25,8 +25,36 @@ jobs:
             - name: Set up Docker Buildx
               uses: docker/setup-buildx-action@v3
 
+            # Build for security scanning with Trivy
+            - name: Build and export to Docker
+              uses: docker/build-push-action@v5
+              with:
+                push: false
+                load: true # Export to Docker Engine rather than pushing to a registry
+                tags: ${{ github.run_id }}
+                target: test
+                cache-from: type=gha
+                cache-to: type=gha,mode=max
+                platforms: linux/amd64
+
+
+            # Run CVE scanning with Trivy
+            - name: Run Trivy for all CVEs (non-blocking)
+              uses: aquasecurity/trivy-action@master
+              with:
+                image-ref: ${{ github.run_id }}
+                exit-code: 0
+                format: table 
+
+            # Adding docker hub login
+            - name: Login to Docker Hub
+              uses: docker/login-action@v3
+              with:
+                username: ${{ secrets.DOCKERHUB_USERNAME }}
+                password: ${{ secrets.DOCKERHUB_TOKEN }}
+
             # Adding docker meta data for tagging and versioning
-            - name: Docker meta
+            - name: Docker Metadata for Final Image Build
               id: docker_meta
               uses: docker/metadata-action@v5
               with:
@@ -40,13 +68,6 @@ jobs:
                     type=ref,event=branch
                     type=semver,pattern={{version}}
 
-            # Adding docker hub login
-            - name: Login to Docker Hub
-              uses: docker/login-action@v3
-              with:
-                username: ${{ secrets.DOCKERHUB_USERNAME }}
-                password: ${{ secrets.DOCKERHUB_TOKEN }}
-
             
             ## Totally optional, but if you want to add the image tags to the PR comments you can use the following steps
             # If PR, put image tags in the PR comments
@@ -83,19 +104,9 @@ jobs:
             - name: Docker build
               uses: docker/build-push-action@v5
               with:
-                push: ${{ github.event_name != 'pull_request' }}
-                context: "{{defaultContext}}"
+                push: true
                 platforms: linux/amd64,linux/arm64
                 tags: ${{ steps.docker_meta.outputs.tags }}
                 labels: ${{ steps.docker_meta.outputs.labels }}
                 cache-from: type=gha
                 cache-to: type=gha,mode=max
-
-
-            # Run CVE scanning with Trivy
-            - name: Run Trivy for all CVEs (non-blocking)
-              uses: aquasecurity/trivy-action@master
-              with:
-                image-ref: ${{  steps.docker_meta.outputs.tags }}
-                exit-code: 0
-                format: table