mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-12-22 14:48:07 +00:00
feat: github actions to publish ecr and docker (#782)
* feat: github actions to publish ecr and docker * fix: yaml lint in build Co-authored-by: Carol Valencia <krol3@users.noreply.github.com>
This commit is contained in:
parent
ecdd0b4158
commit
abe0954dcb
38
.github/workflow/build.yml
vendored
Normal file
38
.github/workflow/build.yml
vendored
Normal file
@ -0,0 +1,38 @@
|
||||
name: Build
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths-ignore:
|
||||
- "*.md"
|
||||
- "LICENSE"
|
||||
- "NOTICE"
|
||||
pull_request:
|
||||
paths-ignore:
|
||||
- "*.md"
|
||||
- "LICENSE"
|
||||
- "NOTICE"
|
||||
jobs:
|
||||
build:
|
||||
name: Build
|
||||
runs-on: ubuntu-18.04
|
||||
steps:
|
||||
- name: Setup Go
|
||||
uses: actions/setup-go@v1
|
||||
with:
|
||||
go-version: 1.15
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
- name: yaml-lint
|
||||
uses: ibiqlik/action-yamllint@v3
|
||||
- name: Run unit tests
|
||||
run: make tests
|
||||
- name: Upload code coverage
|
||||
uses: codecov/codecov-action@v1
|
||||
with:
|
||||
file: ./coverage.txt
|
||||
- name: Dry-run release snapshot
|
||||
uses: goreleaser/goreleaser-action@v2
|
||||
with:
|
||||
version: v0.148.0
|
||||
args: release --snapshot --skip-publish --rm-dist
|
37
.github/workflow/publish-ecr.yml
vendored
Normal file
37
.github/workflow/publish-ecr.yml
vendored
Normal file
@ -0,0 +1,37 @@
|
||||
name: Publish-ECR
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- "v*"
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
name: Publish to Amazon ECR
|
||||
runs-on: ubuntu-18.04
|
||||
steps:
|
||||
- name: Configure AWS credentials
|
||||
uses: aws-actions/configure-aws-credentials@v1
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
aws-region: us-east-1
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
- name: Install AWS Cli 2.0
|
||||
run: |
|
||||
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
|
||||
unzip awscliv2.zip
|
||||
sudo ./aws/install
|
||||
- name: Get the version
|
||||
id: vars
|
||||
run: echo ::set-output name=tag::$(echo ${GITHUB_REF:10})
|
||||
- name: Publish to ECR
|
||||
env:
|
||||
IMAGE_TAG: ${{steps.vars.outputs.tag}}
|
||||
REP_NAME: kube-bench
|
||||
ALIAS: aquasecurity
|
||||
run: |
|
||||
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/$ALIAS
|
||||
docker build -t $REP_NAME:$IMAGE_TAG .
|
||||
docker tag $REP_NAME:$IMAGE_TAG public.ecr.aws/$ALIAS/$REP_NAME:$IMAGE_TAG
|
||||
docker push public.ecr.aws/$ALIAS/$REP_NAME:$IMAGE_TAG
|
52
.github/workflow/publish.yml
vendored
Normal file
52
.github/workflow/publish.yml
vendored
Normal file
@ -0,0 +1,52 @@
|
||||
name: Publish
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- "v*"
|
||||
jobs:
|
||||
publish:
|
||||
name: Publish
|
||||
runs-on: ubuntu-18.04
|
||||
steps:
|
||||
- name: Check Out Repo
|
||||
uses: actions/checkout@v2
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v1
|
||||
- name: Cache Docker layers
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
path: /tmp/.buildx-cache
|
||||
key: ${{ runner.os }}-buildx-${{ github.sha }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-buildx-
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
|
||||
- name: Set up Docker Buildx
|
||||
id: buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
- name: Docker meta
|
||||
id: docker_meta
|
||||
uses: crazy-max/ghaction-docker-meta@v1
|
||||
with:
|
||||
images: aquasec/kube-bench
|
||||
tag-semver: |
|
||||
{{version}}
|
||||
- name: Build and push
|
||||
id: docker_build
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: ./
|
||||
file: ./Dockerfile
|
||||
platforms: linux/amd64,linux/arm64,linux/386
|
||||
builder: ${{ steps.buildx.outputs.name }}
|
||||
push: true
|
||||
tags: |
|
||||
${{ steps.docker_meta.outputs.tags }}
|
||||
cache-from: type=local,src=/tmp/.buildx-cache
|
||||
cache-to: type=local,dest=/tmp/.buildx-cache
|
||||
labels: ${{ steps.docker_meta.outputs.labels }}
|
||||
- name: Image digest
|
||||
run: echo ${{ steps.docker_build.outputs.digest }}
|
29
.github/workflow/release.yml
vendored
Normal file
29
.github/workflow/release.yml
vendored
Normal file
@ -0,0 +1,29 @@
|
||||
name: Release
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- "v*"
|
||||
jobs:
|
||||
release:
|
||||
name: Release
|
||||
runs-on: ubuntu-18.04
|
||||
steps:
|
||||
- name: Setup Go
|
||||
uses: actions/setup-go@v1
|
||||
with:
|
||||
go-version: 1.15
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
- name: Run unit tests
|
||||
run: make tests
|
||||
- name: Upload code coverage
|
||||
uses: codecov/codecov-action@v1
|
||||
with:
|
||||
file: ./coverage.txt
|
||||
- name: Release
|
||||
uses: goreleaser/goreleaser-action@v2
|
||||
with:
|
||||
version: v0.148.0
|
||||
args: release --rm-dist
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
11
README.md
11
README.md
@ -1,11 +1,22 @@
|
||||
[![GitHub Release][release-img]][release]
|
||||
![Downloads][download]
|
||||
![Docker Pulls][docker-pull]
|
||||
[![Go Report Card][report-card-img]][report-card]
|
||||
[![Build Status](https://travis-ci.org/aquasecurity/kube-bench.svg?branch=main)](https://travis-ci.org/aquasecurity/kube-bench)
|
||||
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/aquasecurity/kube-bench/blob/main/LICENSE)
|
||||
[![Docker image](https://images.microbadger.com/badges/image/aquasec/kube-bench.svg)](https://microbadger.com/images/aquasec/kube-bench "Get your own image badge on microbadger.com")
|
||||
[![Source commit](https://images.microbadger.com/badges/commit/aquasec/kube-bench.svg)](https://microbadger.com/images/aquasec/kube-bench)
|
||||
[![Coverage Status][cov-img]][cov]
|
||||
|
||||
[download]: https://img.shields.io/github/downloads/aquasecurity/kube-bench/total?logo=github
|
||||
[release-img]: https://img.shields.io/github/release/aquasecurity/kube-bench.svg?logo=github
|
||||
[release]: https://github.com/aquasecurity/kube-bench/releases
|
||||
[docker-pull]: https://img.shields.io/docker/pulls/aquasec/kube-bench?logo=docker&label=docker%20pulls%20%2F%20kube-bench
|
||||
[cov-img]: https://codecov.io/github/aquasecurity/kube-bench/branch/main/graph/badge.svg
|
||||
[cov]: https://codecov.io/github/aquasecurity/kube-bench
|
||||
[report-card-img]: https://goreportcard.com/badge/github.com/aquasecurity/kube-bench
|
||||
[report-card]: https://goreportcard.com/report/github.com/aquasecurity/kube-bench
|
||||
|
||||
<img src="images/kube-bench.png" width="200" alt="kube-bench logo">
|
||||
|
||||
kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the [CIS Kubernetes Benchmark](https://www.cisecurity.org/benchmark/kubernetes/).
|
||||
|
Loading…
Reference in New Issue
Block a user