fix: Dockerfile to reduce vulnerabilities #116
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker Image CI | |
on: [push] | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
env: | |
TAG: "0.3" | |
IMAGE: "test-image" | |
TL_URL: ${{ secrets.tl_url }} | |
GH_USER: ${{ secrets.gh_user }} | |
GH_PASS: ${{ secrets.gh_pass }} | |
TL_USER: ${{ secrets.tl_user }} | |
TL_PASS: ${{ secrets.tl_pass }} | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Demo to use Secret env vars | |
run: | | |
echo ${TAG} | |
echo ${IMAGE} | |
echo ${GITHUB_RUN_NUMBER} | |
- name: Build the Docker image | |
run: | | |
docker build --tag "docker.pkg.github.com/macnicadevops/actions-demo/"${IMAGE}:${TAG} . | |
- name: Get twistcli (image scanner) | |
run: | | |
curl -u ${TL_USER}:${TL_PASS} --output twistcli ${TL_URL}"/api/v1/util/twistcli" | |
chmod +x twistcli | |
- name: Scan image | |
run: | | |
./twistcli images scan --details --address ${TL_URL} -u ${TL_USER} -p ${TL_PASS} --ci "docker.pkg.github.com/macnicadevops/actions-demo/"${IMAGE}:${TAG} | tee result.out | |
e=`cat result.out | grep -c "threshold check results: PASS"` | |
if [ $e -eq 2 ]; then | |
echo "Build Scan succeeded" | |
exit 0 | |
else | |
echo "Build failed" | |
exit 1 | |
fi | |
# ./twistcli images scan --details --address ${TL_URL} -u ${TL_USER} -p ${TL_PASS} --vulnerability-threshold ${TL_VULN} ${TL_FIX} --compliance-threshold ${TL_COMP} "docker.pkg.github.com/macnicadevops/actions-demo/"${IMAGE}:${TAG} | |
- name: Login to GH Packages | |
run: | | |
docker login docker.pkg.github.com -u ${GH_USER} -p ${GH_PASS} | |
- name: Publish image to GH Packages | |
run: | | |
docker push "docker.pkg.github.com/macnicadevops/actions-demo/"${IMAGE}:${TAG} |