mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-05-08 18:08:55 +00:00

chore: build and push action for ecr and docker (#790)

Co-authored-by: Carol Valencia <krol3@users.noreply.github.com>
Carol Valencia 2020-12-27 02:43:30 -05:00 committed by GitHub
parent 6452df7c7f
commit 888c912847
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 31 additions and 55 deletions


@ -1,37 +0,0 @@
name: Publish-ECR
on:
push:
tags:
- "v*"
jobs:
deploy:
name: Publish to Amazon ECR
runs-on: ubuntu-18.04
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Checkout code
uses: actions/checkout@v2
- name: Install AWS Cli 2.0
run: |
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
- name: Get the version
id: vars
run: echo ::set-output name=tag::$(echo ${GITHUB_REF:10})
- name: Publish to ECR
env:
IMAGE_TAG: ${{steps.vars.outputs.tag}}
REP_NAME: kube-bench
ALIAS: aquasecurity
run: |
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/$ALIAS
docker build -t $REP_NAME:$IMAGE_TAG .
docker tag $REP_NAME:$IMAGE_TAG public.ecr.aws/$ALIAS/$REP_NAME:$IMAGE_TAG
docker push public.ecr.aws/$ALIAS/$REP_NAME:$IMAGE_TAG


@ -1,8 +1,12 @@
---
name: Publish name: Publish
on: on:
push: push:
tags: tags:
- "v*" - "v*"
env:
ALIAS: aquasecurity
REP: kube-bench
jobs: jobs:
publish: publish:
name: Publish name: Publish
@ -12,41 +16,50 @@ jobs:
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v1 uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
- name: Cache Docker layers - name: Cache Docker layers
uses: actions/cache@v2 uses: actions/cache@v2
with: with:
path: /tmp/.buildx-cache path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }} key: ${{ runner.os }}-buildxarch-${{ github.sha }}
restore-keys: | restore-keys: |
${{ runner.os }}-buildx- ${{ runner.os }}-buildxarch-
- name: Login to Docker Hub - name: Login to Docker Hub
uses: docker/login-action@v1 uses: docker/login-action@v1
with: with:
username: ${{ secrets.DOCKER_HUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set up Docker Buildx - name: Login to ECR
id: buildx uses: docker/login-action@v1
uses: docker/setup-buildx-action@v1 with:
- name: Docker meta registry: public.ecr.aws
id: docker_meta username: ${{ secrets.ECR_ACCESS_KEY_ID }}
password: ${{ secrets.ECR_SECRET_ACCESS_KEY }}
- name: Get version
id: get_version
uses: crazy-max/ghaction-docker-meta@v1 uses: crazy-max/ghaction-docker-meta@v1
with: with:
images: aquasec/kube-bench images: ${{ env.REP }}
tag-semver: | tag-semver: |
{{version}} {{version}}
- name: Build and push
- name: Build and push - Docker/ECR
id: docker_build id: docker_build
uses: docker/build-push-action@v2 uses: docker/build-push-action@v2
with: with:
context: ./ context: .
file: ./Dockerfile platforms: linux/amd64
platforms: linux/amd64,linux/arm64,linux/386
builder: ${{ steps.buildx.outputs.name }} builder: ${{ steps.buildx.outputs.name }}
push: true push: true
tags: | tags: |
${{ steps.docker_meta.outputs.tags }} ${{ secrets.DOCKERHUB_USER }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}
cache-from: type=local,src=/tmp/.buildx-cache public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}
cache-to: type=local,dest=/tmp/.buildx-cache ${{ secrets.DOCKERHUB_USER }}/${{ env.REP }}:latest
labels: ${{ steps.docker_meta.outputs.labels }} public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:latest
cache-from: type=local,src=/tmp/.buildx-cache/release
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache/release
- name: Image digest - name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }} run: echo ${{ steps.docker_build.outputs.digest }}
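Review bot: The added `Login to ECR` step, like the other third-party steps in this job, references its action by a mutable major tag (`docker/login-action@v1`, `crazy-max/ghaction-docker-meta@v1`, `docker/build-push-action@v2`) while the job holds push credentials for both Docker Hub and public.ecr.aws, so a retagged or compromised action release would run with those secrets on the next `v*` push. Pin each one to a full commit SHA and keep the tag as a comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v1`. The ECR step also passes what look like long-lived IAM access keys (`ECR_ACCESS_KEY_ID` / `ECR_SECRET_ACCESS_KEY`) as username and password; it is worth confirming that the key is limited to pushing to this one public repository. Separately, the `tags:` list pushes `:latest` unconditionally, so any tag matching `v*`, including a pre-release, would move `latest` in both registries. The job's `steps:` list begins outside this hunk.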