Skip to content
Fargate Deploy with PCC Defender

Added Dockerfile upload to ECR #5

Sign in to view logs

Added Dockerfile upload to ECR

Added Dockerfile upload to ECR #5

Workflow file for this run

.github/workflows/docker-image.yml at 299cf25
name: Fargate Deploy with PCC Defender
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
jobs:
build:
runs-on: ubuntu-latest
environment: Testing
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v4
- name: Configure AWS Credentials region audience
uses: aws-actions/configure-aws-credentials@v4
with:
audience: sts.amazonaws.com
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
- name: Set env
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build image and CI Scanning
run: |
# Build docker image
docker build -t ${{ vars.IMAGE_NAME }}:latest .
#Generate Console token
token=$(curl -s -k ${{ secrets.PCC_URL }}/api/v1/authenticate -X POST -H "Content-Type: application/json" -d '{
"username":"${{ secrets.PCC_USER }}",
"password":"${{ secrets.PCC_PASS }}"
}' | grep -Po '"'"token"'"\s*:\s*"\K([^"]*)')
#Download Twistcli
curl -s -O ${{ secrets.PCC_URL }}/api/v1/util/twistcli -H "Authorization: Bearer $token"
chmod a+x twistcli
./twistcli --version
#Perform CI Scan
./twistcli images scan --address ${{ secrets.PCC_URL }} --token $token --details ${{ vars.IMAGE_NAME }}:latest
#Perform Analysis Sandbox
sudo ./twistcli sandbox --address ${{ secrets.PCC_URL }} --token $token --analysis-duration 2m ${{ vars.IMAGE_NAME }}:latest
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
registry: ${{ secrets.AWS_ECR_REGISTRY }}
username: AWS
password: ${{ secrets.AWS_ACCESS_TOKEN }}
- name: Push
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ vars.IMAGE_NAME }}:latest,${{ vars.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}