Merge pull request #3 from avnes/snyk-fix-a6bf2a1d9f6d20eca967e953a95… #11

Summary
Jobs
- test
- push
Run details
- Usage
- Workflow file

Workflow file for this run

	name: Docker

	on:
	push:
	branches:
	- main
	paths-ignore:
	- '.github/**'

	release:
	types: [published]

	pull_request:
	branches:
	- main
	paths-ignore:
	- '.github/**'

	workflow_dispatch:

	jobs:
	test:
	runs-on: ubuntu-latest

	steps:
	- name: Dynamically find the image name
	id: get-image-name
	run: \|
	image_name=$(echo $GITHUB_REPOSITORY \| cut -d '/' -f2 \| sed -r 's/docker-//')
	echo "::set-output name=image_name::$image_name"

	- name: Checkout source code
	uses: actions/checkout@v2

	- name: Run tests
	run: \|
	if [ -f docker-compose.test.yml ]; then
	docker-compose --file docker-compose.test.yml build
	docker-compose --file docker-compose.test.yml run sut
	else
	docker build . --file Dockerfile --tag ${{ steps.get-image-name.outputs.image_name }}
	fi

	- name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
	uses: anchore/scan-action@v3
	id: scan
	with:
	image: "${{ steps.get-image-name.outputs.image_name }}"
	acs-report-enable: true
	fail-build: false
	severity-cutoff: high

	- name: Upload Anchore Scan Report
	uses: github/codeql-action/upload-sarif@v1
	with:
	sarif_file: ${{ steps.scan.outputs.sarif }}

	push:
	needs: test

	runs-on: ubuntu-latest
	if: github.event_name == 'push' \|\| github.event_name == 'release'

	permissions:
	contents: read
	packages: write

	steps:
	- name: Dynamically find the image name
	id: get-image-name
	run: \|
	image_name=$(echo $GITHUB_REPOSITORY \| cut -d '/' -f2 \| sed -r 's/docker-//')
	echo "::set-output name=image_name::$image_name"

	- name: Checkout source code
	uses: actions/checkout@v2

	- name: Build image
	run: docker build . --file Dockerfile --tag ${{ steps.get-image-name.outputs.image_name }}

	- name: Log into registry
	run: echo "${{ secrets.GITHUB_TOKEN }}" \| docker login ghcr.io -u ${{ github.actor }} --password-stdin

	- name: Push image
	run: \|
	IMAGE_ID=ghcr.io/${{ github.repository_owner }}/${{ steps.get-image-name.outputs.image_name }}

	# Change all uppercase to lowercase
	IMAGE_ID=$(echo $IMAGE_ID \| tr '[A-Z]' '[a-z]')

	# Strip git ref prefix from version
	VERSION=$(echo "${{ github.ref }}" \| sed -e 's,./$.$,\1,')

	# Strip "v" prefix from tag name
	[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION \| sed -e 's/^v//')

	# Use Docker `latest` tag convention
	[ "$VERSION" == "main" ] && VERSION=latest

	echo IMAGE_ID=$IMAGE_ID
	echo VERSION=$VERSION

	docker tag ${{ steps.get-image-name.outputs.image_name }} $IMAGE_ID:$VERSION
	docker push $IMAGE_ID:$VERSION

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #3 from avnes/snyk-fix-a6bf2a1d9f6d20eca967e953a95… #11

Workflow file

Merge pull request #3 from avnes/snyk-fix-a6bf2a1d9f6d20eca967e953a95… #11

Jobs

Run details

Workflow file for this run