Skip to content

Build consul-template #185

Build consul-template

Build consul-template #185

Workflow file for this run

---
name: consul-template
run-name: Build consul-template
on:
pull_request:
paths:
- 'pipelines/dockerfiles/consul-template/**'
- .github/workflows/consul-template.yml
branches: [ master ]
push:
paths:
- 'pipelines/dockerfiles/consul-template/**'
- .github/workflows/consul-template.yml
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-22.04
permissions:
security-events: write
defaults:
run:
working-directory: pipelines/dockerfiles/consul-template
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Docker login
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
run: make login
- name: Docker build
run: make build
- name: Docker tag
run: make tag
- name: Run trivy scan
uses: aquasecurity/[email protected]
with:
image-ref: constantin07/consul-template:latest
format: sarif
output: trivy-results.sarif
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: trivy-results.sarif
- name: Docker push
run: make push
checkov:
runs-on: ubuntu-22.04
permissions:
security-events: write
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Run Checkov action
uses: bridgecrewio/checkov-action@master
with:
directory: pipelines/dockerfiles/consul-template
framework: dockerfile
skip_check: CKV_DOCKER_2
output_format: sarif
output_file_path: checkov-results.sarif
soft_fail: true
- name: Upload Checkov results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: checkov-results.sarif