adding push to ACR #72
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Wiz Full Scan | |
| on: | |
| push: | |
| branches: master | |
| paths: | |
| - "**.dockerfile" | |
| - "dockerfile" | |
| - "**.sh" | |
| jobs: | |
| build: | |
| name: Build and Push to DockerHub | |
| runs-on: ubuntu-latest | |
| # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest | |
| defaults: | |
| run: | |
| shell: bash | |
| env: | |
| TAG: "ajleal/softether:latest" # Set the tag to use for the image | |
| PLATFORMS: "linux/amd64,linux/amd64/v2,linux/arm64,linux/arm/v7" # Set the platforms to build the image for | |
| steps: | |
| - name: check out repository | |
| uses: actions/checkout@v4 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Docker Setup QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| version: latest | |
| - name: build image locally | |
| run: | | |
| docker build . --tag $TAG | |
| - name: Wiz Full Scan With Default Values # Run both wiz iac and docker scans, and upload the results to Wiz | |
| uses: aleksei-aikashev/wizcli-wrapper@v1 | |
| with: | |
| iac_scan_path: "." | |
| wiz_iac_policy: "Default IaC policy" # IaC scan defaults | |
| wiz_iac_report_name: "ajleal/softether:latest-${{ github.repository }}-${{ github.run_number }}" | |
| wiz_iac_tags: "repo=${{ github.repository }},commit_sha=${{ github.sha }},event_name=${{ github.event_name }},github_workflow=${{ github.workflow }}" | |
| skip_iac_scan: null | |
| # Docker images vulnerability scan defaults | |
| docker_scan_path: "." | |
| wiz_docker_vulnerabilities_policy: "Default vulnerabilities policy" | |
| wiz_docker_report_name: "ajleal/softether:latest" | |
| skip_docker_scan: null | |
| # Common inputs | |
| wiz_client_id: ${{ secrets.WIZ_CLIENT_ID }} | |
| wiz_client_secret: ${{ secrets.WIZ_CLIENT_SECRET }} | |
| - name: build image and push to dockerhub | |
| if: ${{ success() }} | |
| run: | | |
| docker buildx build --push --attest type=sbom --driver=docker-container --tag $TAG --platform $PLATFORMS . | |
| Push-to-ACR: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest | |
| defaults: | |
| run: | |
| shell: bash | |
| env: | |
| TAG: "ajleal/softether:latest" # Set the tag to use for the image | |
| PLATFORMS: "linux/amd64,linux/amd64/v2,linux/arm64,linux/arm/v7" # Set the platforms to build the image for | |
| steps: | |
| - name: Login to ACR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: prodmycorpone.azurecr.io | |
| username: ${{ secrets.ACR_PRODMYCORPONE_USER }} | |
| password: ${{ secrets.ACR_PRODMYCORPONE_PASSWORD }} | |
| - name: build image and push to dockerhub | |
| if: ${{ success() }} | |
| run: | | |
| docker buildx build --push --attest type=sbom --driver=docker-container --tag $TAG --platform $PLATFORMS . |