Skip to content

Build tool-box container #947

Build tool-box container

Build tool-box container #947

Workflow file for this run

---
name: tool-box
run-name: Build tool-box container
on:
pull_request:
paths:
- 'pipelines/dockerfiles/tool-box/**'
- .github/workflows/tool-box.yml
branches: [ master ]
push:
paths:
- 'pipelines/dockerfiles/tool-box/**'
- .github/workflows/tool-box.yml
branches: [ master ]
workflow_dispatch:
env:
IMAGE_NAME: constantin07/tool-box:latest
jobs:
build:
runs-on: ubuntu-22.04
permissions:
security-events: write
defaults:
run:
working-directory: pipelines/dockerfiles/tool-box
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/[email protected]
with:
driver-opts: image=moby/buildkit:master
- name: Login to Docker Hub
uses: docker/[email protected]
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Copy required files
run: |
cp -a ../../../ansible/requirements.yml .
cp -a ../../../bin .
- name: Docker build
uses: docker/[email protected]
with:
context: pipelines/dockerfiles/tool-box
platforms: 'linux/amd64,linux/arm64'
push: false
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: VAULT_CERTS=no_copy
tags: ${{ env.IMAGE_NAME }}
load: false
- name: Load amd64 platform
run: docker buildx build --load --platform 'linux/amd64' -t ${{ env.IMAGE_NAME }} .
- name: Load arm64 platform with a different tag
run: docker buildx build --load --platform 'linux/arm64' -t ${{ env.IMAGE_NAME }}-arm64 .
- name: Run trivy scan
uses: aquasecurity/[email protected]
with:
image-ref: ${{ env.IMAGE_NAME }}
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
- name: Push both platforms as one image manifest list
uses: docker/[email protected]
with:
context: pipelines/dockerfiles/tool-box
platforms: linux/amd64,linux/arm64
push: true
build-args: VAULT_CERTS=no_copy
tags: ${{ env.IMAGE_NAME }}