Merge pull request #810 from project-primera/fix/hide-friendcode #106
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'push: develop' | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| jobs: | |
| dockle: | |
| name: Dockle scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@master | |
| - run: docker login --username ${{ secrets.DOCKER_HUB_USER }} --password ${{ secrets.DOCKER_HUB_TOKEN }} | |
| - name: Build docker image | |
| run: docker build ./ -t ${IMAGE_NAME} --file Dockerfile | |
| - name: Install dockle | |
| run: | | |
| VERSION=$(curl --silent "https://api.github.com/repos/goodwithtech/dockle/releases/latest" | \ | |
| grep '"tag_name":' | \ | |
| sed -E 's/.*"v([^"]+)".*/\1/' \ | |
| ) | |
| curl -L -o dockle.deb https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.deb | |
| sudo dpkg -i dockle.deb | |
| rm dockle.deb | |
| - name: Check image with dockle | |
| # CIS-DI-0001: Create a user for the container | |
| # DKL-DI-0006: Avoid latest tag | |
| run: dockle --exit-code 1 --exit-level warn -i CIS-DI-0001 -i DKL-DI-0006 ${IMAGE_NAME} | |
| - name: Slack Notification | |
| uses: 8398a7/action-slack@v2 | |
| if: cancelled() || failure() | |
| with: | |
| status: ${{ job.status }} | |
| author_name: ProjectPrimera/ongeki-score | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TEST }} | |
| env: | |
| IMAGE_NAME: projectprimera/ongeki-score | |
| trivy: | |
| name: Trivy scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@master | |
| - run: docker login --username ${{ secrets.DOCKER_HUB_USER }} --password ${{ secrets.DOCKER_HUB_TOKEN }} | |
| - name: Build docker image | |
| run: docker build ./ -t ${IMAGE_NAME} --file Dockerfile | |
| - name: Install trivy | |
| run: | | |
| sudo apt-get install apt-transport-https gnupg | |
| wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - | |
| echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -cs) main | sudo tee -a /etc/apt/sources.list.d/trivy.list | |
| sudo apt-get update | |
| sudo apt-get install trivy | |
| - name: Vulnerability scan with trivy | |
| run: trivy -q image ${IMAGE_NAME} | |
| # run: trivy -q --severity HIGH,CRITICAL --exit-code 1 ${IMAGE_NAME} | |
| - name: Slack Notification | |
| uses: 8398a7/action-slack@v2 | |
| if: cancelled() || failure() | |
| with: | |
| status: ${{ job.status }} | |
| author_name: ProjectPrimera/ongeki-score | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TEST }} | |
| env: | |
| IMAGE_NAME: projectprimera/ongeki-score | |
| slack: | |
| name: Slack Notification | |
| runs-on: ubuntu-latest | |
| needs: [dockle, trivy] | |
| steps: | |
| - name: Slack Notification | |
| uses: 8398a7/action-slack@v2 | |
| if: always() | |
| with: | |
| status: ${{ job.status }} | |
| author_name: ProjectPrimera/ongeki-score | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TEST }} |