Skip to content

build

build #88

Workflow file for this run

# This workflow will build a docker container, publish it to Azure Container Registry, and deploy it to Azure Kubernetes Service using a helm chart.
#
# https://github.com/Azure/actions-workflow-samples/tree/master/Kubernetes
#
# To configure this workflow:
#
# 1. Set up the following secrets in your workspace:
# a. REGISTRY_USERNAME with ACR username
# b. REGISTRY_PASSWORD with ACR Password
#
# 2. Change the values for the REGISTRY_NAME environment variables (below).
name: build
on:
pull_request:
schedule:
- cron: '0 22 * * *'
# Environment variables available to all jobs and steps in this workflow
env:
REGISTRY_NAME: k8scc01covidacr
TRIVY_VERSION: "v0.43.1"
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
jobs:
build:
services:
registry:
image: registry:2
ports:
- 5000:5000
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
# Container build
- name: Build image
run: |
docker build -f Dockerfile -t localhost:5000/profile-state-controller:${{ github.sha }} .
docker push localhost:5000/profile-state-controller:${{ github.sha }}
docker image prune
# Scan image for vulnerabilities
- name: Aqua Security Trivy image scan
run: |
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${{ env.TRIVY_VERSION }}
trivy image localhost:5000/profile-state-controller:${{ github.sha }} --exit-code 1 --timeout=20m --security-checks vuln --severity CRITICAL
# Run Dockle
- name: Run dockle
uses: goodwithtech/dockle-action@main
with:
image: localhost:5000/profile-state-controller:${{ github.sha }}
format: 'list'
exit-code: '1'
exit-level: 'fatal'
ignore: 'DKL-DI-0006'
- name: Slack Notification
if: failure() && github.event_name=='schedule'
uses: act10ns/slack@v1
with:
status: failure
message: profile-state-controller build failed. https://github.com/StatCan/aaw-profile-state-controller/actions/runs/${{github.run_id}}