shree007 docker pipeline #34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: docker-github-actions | |
| run-name: ${{ github.actor }} docker pipeline | |
| on: | |
| push: | |
| branches: | |
| - "create-github-pipeline-for-docker" | |
| - "main" | |
| pull_request: | |
| jobs: | |
| lint: | |
| name: lint dockerfiles | |
| runs-on: [ubuntu-latest] | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v3 | |
| - name: Install hadolint | |
| run: | | |
| sudo wget -O /usr/local/bin/hadolint \ | |
| https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 | |
| sudo chmod +x /usr/local/bin/hadolint | |
| - name: Find and Lint Dockerfiles | |
| run: | | |
| find . -name "Dockerfile" | while read dockerfile; do | |
| echo "Linting $dockerfile" | |
| hadolint "$dockerfile" || echo "Warnings found in $dockerfile" | |
| done | |
| build: | |
| name: Build multi arch docker image | |
| runs-on: [ubuntu-latest] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Set up QEMU for multi-arch build | |
| uses: docker/setup-qemu-action@v2 | |
| with: | |
| platforms: "linux/amd64,linux/arm64" | |
| - name: Setup docker buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Install Trivy | |
| run: | | |
| curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin | |
| - name: Build and Scan Multi-Arch Images | |
| run: | | |
| find ./apps -name "Dockerfile" | while read dockerfile; do | |
| app_dir=$(dirname "$dockerfile") | |
| app_name=$(basename "$app_dir") | |
| echo "Building and pushing image for $app_name from $app_dir" | |
| docker buildx build \ | |
| --platform linux/amd64,linux/arm64 \ | |
| --tag your-dockerhub-username/$app_name:latest \ | |
| --push \ | |
| "$app_dir" | |
| echo "Scanning image for $app_name with Trivy" | |
| trivy image --severity HIGH,CRITICAL your-dockerhub-username/$app_name:latest || exit 1 | |
| done | |
| - name: Log in to DockerHub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUBUSERNAME }} | |
| password: ${{ secrets.DOCKERHUBPASSWORD }} | |
| - name: Log in to DockerHub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUBUSERNAME }} | |
| password: ${{ secrets.DOCKERHUBPASSWORD }} | |