-
Notifications
You must be signed in to change notification settings - Fork 0
55 lines (46 loc) · 1.93 KB
/
docker-image.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
name: Docker Image CI
on:
push:
tags:
- 'v*' # This will trigger the workflow for any tag that starts with v
jobs:
build:
runs-on: ubuntu-latest # Lightweight OS for Docker builds
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Build and push Docker image
uses: docker/build-push-action@v6
with:
context: ./Dockerfiles
file: ./Dockerfiles/Dockerfile_amazonlinux_2023 # Specify your custom Dockerfile name
push: true
tags: gfish/devenv_amazonlinux_2023:${{ github.ref_name }} # Use the tag that was pushed
platforms: linux/amd64,linux/arm64 # Specify target platforms
- name: Scan image for vulnerabilities
uses: aquasecurity/trivy-action@0.20.0
with:
image-ref: gfish/devenv_amazonlinux_2023:${{ github.ref_name }}
format: 'table'
severity: 'HIGH,CRITICAL'
- name: Get latest Amazon Linux 2023 tag update timestamp
id: get_timestamp
run: |
response=$(curl -s "https://hub.docker.com/v2/repositories/library/amazonlinux/tags/2023")
timestamp=$(echo "$response" | jq -r '.last_updated')
epoch_timestamp=$(date -d "$timestamp" +%s)
echo "Latest epoch timestamp: $epoch_timestamp timestamp: $timestamp"
echo "epoch_timestamp=al2023-$epoch_timestamp" >> $GITHUB_ENV
- name: Create Git tag
run: |
git config --global user.name "github-actions[bot]"
git config --global user.email "github-actions[bot]@users.noreply.github.com"
git tag "$epoch_timestamp"
git push origin "$epoch_timestamp" -f