-
Notifications
You must be signed in to change notification settings - Fork 6
62 lines (50 loc) · 1.71 KB
/
docker_build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
on: [push]
jobs:
build:
name: Build docker image
runs-on: ubuntu-latest
environment:
name: plugin-development
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push Docker image
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
with:
context: .
file: ./Dockerfile
push: false
tags: debug:latest
load: true
- name: check local images
run: docker images
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ secrets.AWS_REGION }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Scan artifact with Inspector
uses: ./ # Uses an action in the root directory
id: inspector
with:
artifact_type: 'container'
artifact_path: 'debug:latest'
output_sbom_path: 'debug_sbom.json'
output_inspector_scan_path: 'debug_scan.json'
- name: Demonstrate SBOM Output
run: cat ${{ steps.inspector.outputs.artifact_sbom }}
- name: Demonstrate Inspector Scan Output
run: cat ${{ steps.inspector.outputs.inspector_scan_results }}
- name: Upload Inspector Scan Results
uses: actions/upload-artifact@v4
continue-on-error: true
with:
name: Inspector Scan SBOM Results
path: |
debug_sbom.json
debug_scan.json