Merge pull request #22 from StatCan/115-leverage-dockle

feat(workflows): integrate dockle
StatCan · Aug 21, 2023 · d704a9d · d704a9d
2 parents 5476577 + 3f606cc
commit d704a9d
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 3 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -32,11 +32,20 @@ jobs:
       run: |
         docker build -f Dockerfile -t localhost:5000/profile-state-controller:${{ github.sha }} .
         docker push localhost:5000/profile-state-controller:${{ github.sha }}
-        docker rmi localhost:5000/profile-state-controller:${{ github.sha }}
         docker image prune
         
     # Scan image for vulnerabilities
     - name: Aqua Security Trivy image scan
       run: |
         curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${{ env.TRIVY_VERSION }}
         trivy image localhost:5000/profile-state-controller:${{ github.sha }} --exit-code 1 --timeout=20m --security-checks vuln --severity CRITICAL
+    
+    # Run Dockle
+    - name: Run dockle
+      uses: goodwithtech/dockle-action@main
+      with:
+        image: localhost:5000/profile-state-controller:${{ github.sha }}
+        format: 'list'
+        exit-code: '1'
+        exit-level: 'fatal'
+        ignore: 'DKL-DI-0006'
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -42,7 +42,6 @@ jobs:
       run: |
         docker build -f Dockerfile -t localhost:5000/profile-state-controller:${{ github.sha }} .
         docker push localhost:5000/profile-state-controller:${{ github.sha }}
-        docker rmi localhost:5000/profile-state-controller:${{ github.sha }}
         docker image prune
         
     # Scan image for vulnerabilities
@@ -51,9 +50,19 @@ jobs:
         curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${{ env.TRIVY_VERSION }}
         trivy image localhost:5000/profile-state-controller:${{ github.sha }} --exit-code 1 --timeout=20m --security-checks vuln --severity CRITICAL
 
+    # Run Dockle
+    - name: Run dockle
+      uses: goodwithtech/dockle-action@main
+      with:
+        image: localhost:5000/profile-state-controller:${{ github.sha }}
+        format: 'list'
+        exit-code: '1'
+        exit-level: 'fatal'
+        ignore: 'DKL-DI-0006'
+
     # Push to the ACR
     - name: Push image to registry
       run: |
         docker pull localhost:5000/profile-state-controller:${{ github.sha }}
         docker tag localhost:5000/profile-state-controller:${{ github.sha }} ${{ env.REGISTRY_NAME }}.azurecr.io/profile-state-controller:${{ github.sha }}
-        docker push ${{ env.REGISTRY_NAME }}.azurecr.io/profile-state-controller:${{ github.sha }}
+        docker push ${{ env.REGISTRY_NAME }}.azurecr.io/profile-state-controller:${{ github.sha }}