59 lines
1.7 KiB
YAML
59 lines
1.7 KiB
YAML
name: Build base images (Generally from basin repo)
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
image_tag:
|
|
required: true
|
|
type: string
|
|
|
|
jobs:
|
|
docker-build-and-push:
|
|
|
|
runs-on: ubuntu-22.04 #ubuntu-latest
|
|
|
|
steps:
|
|
- id: get-id
|
|
name: Get a unique tag for this build
|
|
run: |
|
|
echo "DOCKER_IMAGE=${{ secrets.docker_repo2_registry }}/${{ github.repository }}:${{ inputs.image_tag }}" >> "$GITHUB_OUTPUT";
|
|
|
|
- name: Print image name
|
|
run: |
|
|
echo "${{ steps.get-id.outputs.DOCKER_IMAGE }}";
|
|
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Login to Docker Container Registry
|
|
# if: ${{ github.event_name == 'push' }}
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ secrets.docker_repo2_registry }}
|
|
username: ${{ secrets.docker_repo2_username }}
|
|
password: ${{ secrets.docker_repo2_password }}
|
|
|
|
- name: Build and push the Docker image
|
|
run: |
|
|
docker build \
|
|
--file context/Dockerfile \
|
|
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
|
|
./context;
|
|
|
|
- name: Container details
|
|
run: |
|
|
IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
|
|
echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
|
|
|
|
- name: Scan Docker Image for vulnerabilities with Grype
|
|
uses: anchore/scan-action@v6
|
|
with:
|
|
image: ${{ steps.get-id.outputs.DOCKER_IMAGE }}
|
|
cache-db: true #Cache Grype DB in Github Actions
|
|
output-format: table
|
|
only-fixed: true
|
|
severity-cutoff: critical
|
|
fail-build: true
|
|
|
|
- name: Push the container image
|
|
run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}
|