Build tool-box container #1291
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: tool-box | |
run-name: Build tool-box container | |
on: | |
pull_request: | |
paths: | |
- 'pipelines/dockerfiles/tool-box/**' | |
- .github/workflows/tool-box.yml | |
branches: [ master ] | |
push: | |
paths: | |
- 'pipelines/dockerfiles/tool-box/**' | |
- .github/workflows/tool-box.yml | |
branches: [ master ] | |
workflow_dispatch: | |
env: | |
IMAGE_NAME: constantin07/tool-box:latest | |
jobs: | |
build: | |
runs-on: ubuntu-22.04 | |
permissions: | |
security-events: write | |
defaults: | |
run: | |
working-directory: pipelines/dockerfiles/tool-box | |
steps: | |
- name: Checkout source code | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
with: | |
driver-opts: image=moby/buildkit:master | |
- name: Login to Docker Hub | |
uses: docker/[email protected] | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Copy required files | |
run: | | |
cp -a ../../../ansible/requirements.yml . | |
cp -a ../../../bin . | |
- name: Docker build | |
uses: docker/[email protected] | |
with: | |
context: pipelines/dockerfiles/tool-box | |
platforms: linux/amd64,linux/arm64 | |
push: false | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
build-args: VAULT_CERTS=no_copy | |
tags: ${{ env.IMAGE_NAME }} | |
load: false | |
- name: Load amd64 platform | |
run: docker buildx build --load --platform 'linux/amd64' -t ${{ env.IMAGE_NAME }} . | |
- name: Load arm64 platform with a different tag | |
run: docker buildx build --load --platform 'linux/arm64' -t ${{ env.IMAGE_NAME }}-arm64 . | |
- name: Run trivy scan | |
uses: aquasecurity/[email protected] | |
with: | |
image-ref: ${{ env.IMAGE_NAME }} | |
format: sarif | |
output: trivy-results.sarif | |
- name: Upload Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: trivy-results.sarif | |
- name: Push both platforms as one image manifest list | |
uses: docker/[email protected] | |
with: | |
context: pipelines/dockerfiles/tool-box | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
build-args: VAULT_CERTS=no_copy | |
tags: ${{ env.IMAGE_NAME }} |