-
Notifications
You must be signed in to change notification settings - Fork 0
61 lines (51 loc) · 1.87 KB
/
docker-publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
---
name: build and push docker image
on:
push
jobs:
release-docker:
name: Release docker image
if: "!contains(github.event.head_commit.message, '[skip ci]')"
runs-on: ubuntu-18.04
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Deploy docker image
uses: docker/build-push-action@v1
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
repository: kranurag7/kubescape-argo
tag_with_ref: true
add_git_labels: true
tag_with_sha: true
- name: Get git sha short
id: vars
run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
- name: Generate deploy manifest from Jinja template
uses: cuchi/jinja2-action@v1.1.0
with:
template: tmpl/hello.j2
output_file: deployments/deployment.yaml
strict: true
variables: |
image_deploy_tag=sha-${{ steps.vars.outputs.sha_short }}
- name: Commit deploy manifest on local repo
run: |
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git add .
git commit -s -m "[skip ci] Generate deployment manifests"
- name: Push deploy manifests to local repo
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.AUTO_COMMIT_TOKEN }}
nsa-security-check:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Install Kubescape
run: curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash
- name: Scan YAML files
run: kubescape scan framework nsa deployments/*.yaml --fail-threshold 0