README: K8s scanning for vulnerabilities and misconfigurations #100
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: GIT Agent Docker Image CI | |
on: | |
push: | |
paths-ignore: | |
- '**.md' | |
- 'charts/**' | |
branches: | |
- 'main' | |
tags: | |
- 'v*.*.*' | |
pull_request: | |
branches: | |
- 'main' | |
env: | |
# Use docker.io for Docker Hub if empty | |
REGISTRY: ghcr.io | |
# github.repository as <account>/<repo> | |
IMAGE: ${{ github.repository }}/git-agent | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- | |
name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- | |
name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- uses: docker/setup-buildx-action@v1 | |
name: Set up Docker Buildx | |
- | |
name: Login to ghcr registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- | |
name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE }} | |
tags: | | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
latest # Add the "latest" tag | |
- | |
name: Build and push | |
uses: docker/build-push-action@v4 | |
with: | |
context: . | |
file: ./dockerfiles/agent/git/Dockerfile | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
build-args: | | |
"GITHUB_TOKEN=${{ secrets.TOKEN }}" | |
- | |
name: Build and push on PR | |
uses: docker/build-push-action@v4 | |
if: github.event_name == 'pull_request' | |
with: | |
context: . | |
file: ./dockerfiles/agent/git/Dockerfile | |
push: false | |
tags: ${{ env.REGISTRY }}/${{ env.IMAGE }}:pr-${{ github.event.pull_request.number }} | |
labels: ${{ steps.meta.outputs.labels }} | |
build-args: | | |
"GITHUB_TOKEN=${{ secrets.TOKEN }}" | |