Update Github Actions #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, push and scan Docker image | ||
| # on: | ||
| # push: | ||
| # paths: | ||
| # - "poc-prerequisite/kubescape-sizing-checker/Dockerfile" | ||
| # - "poc-prerequisite/kubescape-sizing-checker/cmd" | ||
| # - "poc-prerequisite/kubescape-sizing-checker/pkg" | ||
| # - "poc-prerequisite/kubescape-sizing-checker/go.mod" | ||
| # - "poc-prerequisite/kubescape-sizing-checker/go.sum" | ||
| # workflow_dispatch: | ||
| on: [push, pull_request, workflow_dispatch] | ||
| jobs: | ||
| build-and-scan: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check out repository | ||
| uses: actions/checkout@v3 | ||
| # - name: Log in to Quay.io | ||
| # uses: docker/login-action@v2 | ||
| # with: | ||
| # registry: quay.io | ||
| # username: ${{ secrets.QUAY_USERNAME }} # or a robot account username | ||
| # password: ${{ secrets.QUAY_PASSWORD }} # or a robot account token | ||
| # - name: Set up QEMU (for multi-platform support) | ||
| # uses: docker/setup-qemu-action@v2 | ||
| # - name: Set up Docker Buildx | ||
| # uses: docker/setup-buildx-action@v2 | ||
| # - name: Build and push multi-platform Docker image | ||
| # id: build-image | ||
| # run: | | ||
| # # Generate a short commit SHA for a unique tag | ||
| # SHORT_SHA="${GITHUB_SHA:0:7}" | ||
| # # Create and use a new buildx builder (if needed) | ||
| # docker buildx create --use | ||
| # # Build and push multi-architecture images | ||
| # docker buildx build \ | ||
| # --platform linux/amd64,linux/arm64 \ | ||
| # -t quay.io/danvid/kubescape-sizing-checker:latest \ | ||
| # -t quay.io/danvid/kubescape-sizing-checker:${SHORT_SHA} \ | ||
| # --push \ | ||
| # ./poc-prerequisite/kubescape-sizing-checker | ||
| - name: Install Kubescape | ||
| run: | | ||
| curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash | ||
| - name: Run Kubescape to scan image | ||
| run: | | ||
| # $HOME/.kubescape/bin/kubescape scan image quay.io/danvid/kubescape-sizing-checker:latest \ | ||
| $HOME/.kubescape/bin/kubescape scan image nginx:latest \ | ||
| --severity-threshold critical \ | ||
| --format sarif \ | ||
| --output results-image.sarif | ||
| - name: Upload image scan results to GitHub Code Scanning | ||
| uses: github/codeql-action/upload-sarif@v3 | ||
| with: | ||
| sarif_file: results-image.sarif | ||
| category: image-scan | ||
