-
Notifications
You must be signed in to change notification settings - Fork 25
executable file
·59 lines (49 loc) · 2.15 KB
/
docker-image.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
name: Build and Push Docker Image
on:
push:
branches:
- master
steps:
- name: Install Trivy
uses: aquasecurity/[email protected]
jobs:
build:
runs-on: ubuntu-latest
steps:
# Step 1: Checkout the code from the repository
- name: Checkout code
uses: actions/checkout@v3
# Step 2: Set up Docker Buildx for advanced building capabilities
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
# Step 3: Cache Docker layers to improve build time
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
# Step 4: Build the Docker image
- name: Build Docker image
run: |
docker build -t ${{ secrets.DOCKER_USERNAME }}/bitlbee:${{ github.sha }} .
# Step 5: Security scan with Trivy
- name: Scan Docker image for vulnerabilities with Trivy
uses: aquasecurity/[email protected]
with:
image: ${{ secrets.DOCKER_USERNAME }}/bitlbee:${{ github.sha }}
format: 'table' # This will show the results in a table format (can also use json or html)
exit-code: '1' # Fail the build if vulnerabilities are found (optional)
severity: 'CRITICAL,HIGH' # Only check for critical and high severity vulnerabilities
# Step 6: Push Docker image to Docker Hub
- name: Push Docker image to Docker Hub
run: |
docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
docker push ${{ secrets.DOCKER_USERNAME }}/bitlbee:${{ github.sha }}
# Step 7: Push Docker image to GitHub Container Registry
- name: Push Docker image to GitHub Container Registry
run: |
docker login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }}
docker tag ${{ secrets.DOCKER_USERNAME }}/bitlbee:${{ github.sha }} ghcr.io/${{ github.repository_owner }}/bitlbee:${{ github.sha }}
docker push ghcr.io/${{ github.repository_owner }}/bitlbee:${{ github.sha }}