
adding lab files



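# CI pipeline for the container-security-lab image: build and publish the
# image, scan it with Trivy, run CodeQL on the source, then sign the
# published image with Cosign and verify that signature.
#
# Stage order is enforced with `needs:` so that every stage acts on the
# image the previous stage produced. The original ran all five jobs in
# parallel, so scan/sign/verify raced the push and could act on a stale
# or missing `:latest`, and signing was not gated on the scan results.
name: CI Pipeline

on:
  push:
    branches:
      - main
  pull_request:

# Least privilege for GITHUB_TOKEN at workflow level; jobs that need more
# declare it themselves (see codeql).
permissions:
  contents: read

env:
  # One image reference shared by every job instead of repeating the
  # expression per step. The tag is the mutable `latest`, as in the
  # original; signing and verifying by digest would be stronger.
  IMAGE: ${{ secrets.DOCKER_USERNAME }}/container-security-lab:latest
  COSIGN_VERSION: v1.13.1
  TRIVY_VERSION: "0.40.0"

jobs:
  build:
    name: Build Docker Image
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are pinned by major tag; pinning to a commit
      # SHA is the supply-chain-hardened form (SHAs not available here).
      - name: Checkout Code
        uses: actions/checkout@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Log in to DockerHub
        # Registry credentials are only needed when publishing, which is
        # restricted to pushes on main: pull_request runs (from forks in
        # particular) have no secrets and must not overwrite `:latest`.
        if: github.event_name == 'push'
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build Docker Image
        run: docker build -t "$IMAGE" .
      - name: Push Docker Image
        if: github.event_name == 'push'
        run: docker push "$IMAGE"

  trivy:
    name: Run Trivy Scan
    runs-on: ubuntu-latest
    # Scan the image that build just pushed; only meaningful on push runs,
    # where the image was actually published.
    needs: build
    if: github.event_name == 'push'
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3
      - name: Install Trivy
        # NOTE(review): the .deb is downloaded over HTTPS but its checksum
        # is not verified against the release's published checksum file.
        run: |
          sudo apt-get install -y wget
          wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.deb"
          sudo dpkg -i "trivy_${TRIVY_VERSION}_Linux-64bit.deb"
      - name: Run Trivy Scan
        # `--exit-code 1` makes CRITICAL/HIGH findings fail the job, so the
        # scan actually gates signing; the original only printed results.
        run: trivy image --exit-code 1 --severity CRITICAL,HIGH "$IMAGE"

  codeql:
    name: Run CodeQL SAST
    runs-on: ubuntu-latest
    # Job-level permissions replace the workflow-level set entirely, so
    # contents:read must be restated for checkout.
    permissions:
      contents: read
      security-events: write  # upload SARIF results to code scanning
      actions: read  # presumably needed on private repos; harmless otherwise
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: javascript
      - name: Autobuild
        uses: github/codeql-action/autobuild@v2
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2

  sign:
    name: Sign Docker Image with Cosign
    runs-on: ubuntu-latest
    # Sign only an image that passed both the vulnerability scan and SAST.
    needs: [trivy, codeql]
    if: github.event_name == 'push'
    steps:
      - name: Install Cosign
        run: |
          curl -LO "https://github.com/sigstore/cosign/releases/download/${COSIGN_VERSION}/cosign-linux-amd64"
          chmod +x cosign-linux-amd64
          sudo mv cosign-linux-amd64 /usr/local/bin/cosign
      - name: Log in to DockerHub
        # cosign sign pushes the signature to the registry, so the job
        # needs registry credentials; the original had none here.
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Sign Docker Image
        env:
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
          # The private key is read from a repository secret instead of a
          # checked-in `cosign.key` file, so the key never lives in the
          # repo. COSIGN_PRIVATE_KEY is a constructed secret name; create
          # it with the encrypted PEM contents.
          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
        run: cosign sign --key env://COSIGN_PRIVATE_KEY "$IMAGE"

  validate-signature:
    name: Validate Docker Image Signature
    runs-on: ubuntu-latest
    needs: sign
    if: github.event_name == 'push'
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3
      - name: Install Cosign
        run: |
          curl -LO "https://github.com/sigstore/cosign/releases/download/${COSIGN_VERSION}/cosign-linux-amd64"
          chmod +x cosign-linux-amd64
          sudo mv cosign-linux-amd64 /usr/local/bin/cosign
      - name: Verify Image Signature
        # Key-based signatures can only be verified against the matching
        # public key; the original ran `cosign verify` with no key at all.
        # Assumes the public half is committed as cosign.pub (the companion
        # of the original cosign.key) -- confirm the path.
        run: cosign verify --key cosign.pub "$IMAGE"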