forked from Jose-Matsuda/kube-sidecar-injector
-
Notifications
You must be signed in to change notification settings - Fork 1
71 lines (64 loc) · 2.54 KB
/
build.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
# This workflow will build a docker container, publish it to Azure Container Registry, and deploy it to Azure Kubernetes Service using a helm chart.
#
# https://github.com/Azure/actions-workflow-samples/tree/master/Kubernetes
#
# To configure this workflow:
#
# 1. Set up the following secrets in your workspace:
# a. REGISTRY_USERNAME with ACR username
# b. REGISTRY_PASSWORD with ACR Password
#
# 2. Change the values for the REGISTRY_NAME environment variables (below).
name: build
on:
pull_request:
types:
- 'opened'
- 'synchronize'
- 'reopened'
# Environment variables available to all jobs and steps in this workflow
env:
REGISTRY_NAME: k8scc01covidacr
TRIVY_VERSION: "v0.43.1"
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
jobs:
build:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
- uses: actions/checkout@master
# Connect to Azure Container registry (ACR)
- uses: azure/docker-login@v1
with:
login-server: ${{ env.REGISTRY_NAME }}.azurecr.io
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
# Container build
- run: |
docker build -f Dockerfile -t localhost:5000/filer-sidecar:${{ github.sha }} .
docker push localhost:5000/filer-sidecar:${{ github.sha }}
docker image prune
# Scan image for vulnerabilities
#- name: Aqua Security Trivy image scan
# run: |
# curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${{ env.TRIVY_VERSION }}
# trivy image localhost:5000/filer-sidecar:${{ github.sha }} --exit-code 1 --timeout=20m --security-checks vuln --severity CRITICAL
- name: Test if we should push to ACR
id: should-i-push
if: |
github.event_name == 'push' ||
(
github.event_name == 'pull_request' &&
contains( github.event.pull_request.labels.*.name, 'auto-deploy')
)
run: echo 'boolean=true' >> $GITHUB_OUTPUT
- name: Push image to registry
if: steps.should-i-push.outputs.boolean == 'true'
run: |
docker pull localhost:5000/filer-sidecar:${{ github.sha }}
docker tag localhost:5000/filer-sidecar:${{ github.sha }} ${{ env.REGISTRY_NAME }}.azurecr.io/filer-sidecar:${{ github.sha }}
docker push ${{ env.REGISTRY_NAME }}.azurecr.io/filer-sidecar:${{ github.sha }}