
feat: github actions to publish ecr and docker (#782)

* feat: github actions to publish ecr and docker

* fix: yaml lint in build

Co-authored-by: Carol Valencia <krol3@users.noreply.github.com>
This commit is contained in:
Carol Valencia 2020-12-21 06:10:02 -05:00 committed by GitHub
parent ecdd0b4158
commit abe0954dcb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 167 additions and 0 deletions

38
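--- a/.github/workflow/build.yml
+++ b/.github/workflow/build.yml
@@ -0,0 +1,38 @@
+name: Build
+on:
+push:
+branches:
+- main
+paths-ignore:
+- "*.md"
+- "LICENSE"
+- "NOTICE"
+pull_request:
+paths-ignore:
+- "*.md"
+- "LICENSE"
+- "NOTICE"
+jobs:
+build:
+name: Build
+runs-on: ubuntu-18.04
+steps:
+- name: Setup Go
+uses: actions/setup-go@v1
+with:
+go-version: 1.15
+- name: Checkout code
+uses: actions/checkout@v2
+- name: yaml-lint
+uses: ibiqlik/action-yamllint@v3
+- name: Run unit tests
+run: make tests
+- name: Upload code coverage
+uses: codecov/codecov-action@v1
+with:
+file: ./coverage.txt
+- name: Dry-run release snapshot
+uses: goreleaser/goreleaser-action@v2
+with:
+version: v0.148.0
+args: release --snapshot --skip-publish --rm-dist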
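Review bot: The new workflows are placed under `.github/workflow/` (singular), but GitHub Actions only loads workflow files from `.github/workflows/`, so as committed none of Build, Publish-ECR, Publish or Release will ever trigger; all four files (`publish-ecr.yml`, `publish.yml` and `release.yml` included) need to move to `.github/workflows/`, and the Actions tab should confirm they register after the move. The `go-version: 1.15` value in the Setup Go step is an unquoted float, which happens to work for 1.15 but silently turns a 1.10 or 1.20 into `1.1`/`1.2`; write it `go-version: "1.15"` here and in release.yml. The third-party actions (`ibiqlik/action-yamllint@v3`, `codecov/codecov-action@v1`, `goreleaser/goreleaser-action@v2`) are referenced by mutable major tags, so a tag move upstream changes the code that runs in this job and, more importantly, in the publish jobs that hold registry and release credentials; pinning each `uses:` to a full commit SHA with the tag in a trailing comment removes that exposure.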

37
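--- a/.github/workflow/publish-ecr.yml
+++ b/.github/workflow/publish-ecr.yml
@@ -0,0 +1,37 @@
+name: Publish-ECR
+on:
+push:
+tags:
+- "v*"
+jobs:
+deploy:
+name: Publish to Amazon ECR
+runs-on: ubuntu-18.04
+steps:
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: us-east-1
+- name: Checkout code
+uses: actions/checkout@v2
+- name: Install AWS Cli 2.0
+run: |
+curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+unzip awscliv2.zip
+sudo ./aws/install
+- name: Get the version
+id: vars
+run: echo ::set-output name=tag::$(echo ${GITHUB_REF:10})
+- name: Publish to ECR
+env:
+IMAGE_TAG: ${{steps.vars.outputs.tag}}
+REP_NAME: kube-bench
+ALIAS: aquasecurity
+run: |
+aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/$ALIAS
+docker build -t $REP_NAME:$IMAGE_TAG .
+docker tag $REP_NAME:$IMAGE_TAG public.ecr.aws/$ALIAS/$REP_NAME:$IMAGE_TAG
+docker push public.ecr.aws/$ALIAS/$REP_NAME:$IMAGE_TAG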
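Review bot: The "Install AWS Cli 2.0" step downloads the installer with curl and runs it under sudo without any integrity check, and because the URL is unversioned the job executes whatever the current installer is at run time, immediately before the step that holds the ECR push credentials. AWS publishes versioned installer archives together with a detached GPG signature; pinning the version in the download URL and verifying the `.sig` against the AWS CLI public key before `sudo ./aws/install` makes this step reproducible and tamper-evident. Separately, `${GITHUB_REF:10}` hard-codes the length of the `refs/tags/` prefix, which holds for this tag-only trigger but breaks silently if the workflow is ever reused for branches; quoting the expansions in the docker commands (`docker build -t "$REP_NAME:$IMAGE_TAG" .`) is the defensive form either way.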

52
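--- a/.github/workflow/publish.yml
+++ b/.github/workflow/publish.yml
@@ -0,0 +1,52 @@
+name: Publish
+on:
+push:
+tags:
+- "v*"
+jobs:
+publish:
+name: Publish
+runs-on: ubuntu-18.04
+steps:
+- name: Check Out Repo
+uses: actions/checkout@v2
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v1
+- name: Cache Docker layers
+uses: actions/cache@v2
+with:
+path: /tmp/.buildx-cache
+key: ${{ runner.os }}-buildx-${{ github.sha }}
+restore-keys: |
+${{ runner.os }}-buildx-
+- name: Login to Docker Hub
+uses: docker/login-action@v1
+with:
+username: ${{ secrets.DOCKER_HUB_USERNAME }}
+password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+- name: Set up Docker Buildx
+id: buildx
+uses: docker/setup-buildx-action@v1
+- name: Docker meta
+id: docker_meta
+uses: crazy-max/ghaction-docker-meta@v1
+with:
+images: aquasec/kube-bench
+tag-semver: |
+{{version}}
+- name: Build and push
+id: docker_build
+uses: docker/build-push-action@v2
+with:
+context: ./
+file: ./Dockerfile
+platforms: linux/amd64,linux/arm64,linux/386
+builder: ${{ steps.buildx.outputs.name }}
+push: true
+tags: |
+${{ steps.docker_meta.outputs.tags }}
+cache-from: type=local,src=/tmp/.buildx-cache
+cache-to: type=local,dest=/tmp/.buildx-cache
+labels: ${{ steps.docker_meta.outputs.labels }}
+- name: Image digest
+run: echo ${{ steps.docker_build.outputs.digest }}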
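Review bot: The "Image digest" step at the end of the hunk expands `${{ steps.docker_build.outputs.digest }}` directly inside the `run:` script, so the step output is spliced into shell source before bash parses it; the digest is a fixed-format value from the build action, so the practical risk here is low, but it is the pattern that turns any attacker-influenced step output into command execution, and the publish-ecr.yml hunk in this same commit already shows the safer shape. Passing the value through the environment keeps the script static: `env:` with `DIGEST: ${{ steps.docker_build.outputs.digest }}` and then `run: echo "$DIGEST"`. It would also be worth recording the digest somewhere durable rather than only echoing it, since it is the one value consumers can use to verify the pushed image.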

29
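--- a/.github/workflow/release.yml
+++ b/.github/workflow/release.yml
@@ -0,0 +1,29 @@
+name: Release
+on:
+push:
+tags:
+- "v*"
+jobs:
+release:
+name: Release
+runs-on: ubuntu-18.04
+steps:
+- name: Setup Go
+uses: actions/setup-go@v1
+with:
+go-version: 1.15
+- name: Checkout code
+uses: actions/checkout@v2
+- name: Run unit tests
+run: make tests
+- name: Upload code coverage
+uses: codecov/codecov-action@v1
+with:
+file: ./coverage.txt
+- name: Release
+uses: goreleaser/goreleaser-action@v2
+with:
+version: v0.148.0
+args: release --rm-dist
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}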


@ -1,11 +1,22 @@
[![GitHub Release][release-img]][release]
![Downloads][download]
![Docker Pulls][docker-pull]
[![Go Report Card][report-card-img]][report-card]
[![Build Status](https://travis-ci.org/aquasecurity/kube-bench.svg?branch=main)](https://travis-ci.org/aquasecurity/kube-bench)
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/aquasecurity/kube-bench/blob/main/LICENSE)
[![Docker image](https://images.microbadger.com/badges/image/aquasec/kube-bench.svg)](https://microbadger.com/images/aquasec/kube-bench "Get your own image badge on microbadger.com")
[![Source commit](https://images.microbadger.com/badges/commit/aquasec/kube-bench.svg)](https://microbadger.com/images/aquasec/kube-bench)
[![Coverage Status][cov-img]][cov]
[download]: https://img.shields.io/github/downloads/aquasecurity/kube-bench/total?logo=github
[release-img]: https://img.shields.io/github/release/aquasecurity/kube-bench.svg?logo=github
[release]: https://github.com/aquasecurity/kube-bench/releases
[docker-pull]: https://img.shields.io/docker/pulls/aquasec/kube-bench?logo=docker&label=docker%20pulls%20%2F%20kube-bench
[cov-img]: https://codecov.io/github/aquasecurity/kube-bench/branch/main/graph/badge.svg
[cov]: https://codecov.io/github/aquasecurity/kube-bench
[report-card-img]: https://goreportcard.com/badge/github.com/aquasecurity/kube-bench
[report-card]: https://goreportcard.com/report/github.com/aquasecurity/kube-bench
<img src="images/kube-bench.png" width="200" alt="kube-bench logo">
kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the [CIS Kubernetes Benchmark](https://www.cisecurity.org/benchmark/kubernetes/).