
feat: Checkov Dockerfile Scan #55


Workflow file for this run

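---
name: CI/CD master

# Runs for pushes to main and for pull requests targeting main.
# Changes that touch only Markdown files do not trigger the workflow.
on:
  push:
    branches:
      - main
    paths-ignore:
      - '**.md'
  pull_request:
    branches:
      - main
    paths-ignore:
      - '**.md'

# Least privilege for the automatic GITHUB_TOKEN: the jobs only need to read
# the repository. Registry credentials come from repository secrets, not from
# this token. Widen per job if a step later needs more (for example SARIF
# upload needs `security-events: write`).
permissions:
  contents: read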
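jobs:
  # Test and build the Go binary once per Go toolchain in the matrix, then
  # publish each binary as a workflow artifact.
  initial:
    name: Initializing
    runs-on: ${{ matrix.platform }}
    strategy:
      matrix:
        # Versions stay quoted so YAML cannot read them as floats
        # ('1.20' would otherwise become 1.2).
        go-version: ['1.18.x', '1.19', '1.20']
        platform: [ubuntu-latest]
    steps:
      # NOTE(review): every `uses:` in this workflow references a mutable
      # tag. Pinning each action to a full commit SHA protects the pipeline
      # if a tag is moved upstream.
      - uses: actions/checkout@v3
      - name: Set up Go ${{ matrix.go-version }}
        uses: actions/setup-go@v3
        with:
          go-version: ${{ matrix.go-version }}
      - name: Go modules Cache
        uses: actions/cache@v2
        id: go-cache
        with:
          path: ~/go/pkg/mod
          # Key follows go.sum so a dependency change produces a new cache.
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-go-
      # Download modules only when the exact cache key was not restored.
      - if: steps.go-cache.outputs.cache-hit != 'true'
        run: go mod download
      - name: Test
        working-directory: ./app/cmd/main
        run: go test -race ./...
      - name: Build
        working-directory: ./app/cmd/main
        run: go build -v -o app-${{ matrix.go-version }}
      - name: Upload Build results
        uses: actions/upload-artifact@v3
        with:
          name: Go-results-${{ matrix.go-version }}
          path: ./app/cmd/main/app-${{ matrix.go-version }}

  # Scan the Dockerfile, build the image from the Go 1.19 binary and publish
  # it. Publishing is restricted to push events (see the last two steps).
  docker:
    runs-on: ubuntu-latest
    needs: initial
    steps:
      - uses: actions/checkout@v3
      - name: Download a single artifact
        uses: actions/download-artifact@v3
        with:
          # Must match the artifact name the '1.19' matrix leg uploads.
          name: Go-results-1.19
      - shell: bash
        run: |
          mv app-1.19 albums
      # The scan runs before login and build. Presumably a failed check fails
      # this step and so stops the job before anything is published; confirm
      # the action is not configured to soft-fail.
      - name: Checkov Dockerfile Scan
        # Fixed: the key was misspelled `users:`, which left this step with
        # neither `uses` nor `run`, so the scan could never execute.
        # The reference was mangled by e-mail obfuscation on the page
        # ("bridgecrewio/[email protected]"). The action name below is the
        # likely original; replace the placeholder with the intended version
        # or commit SHA.
        uses: bridgecrewio/checkov-action@<CHECKOV_ACTION_REF>
        with:
          # NOTE(review): "scannig" looks like a typo for "scanning". Confirm
          # the directory name in the repository, or the scan may find no
          # Dockerfile.
          directory: container-image-scannig
          framework: dockerfile
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        # Registry credentials are only needed when an image is published.
        if: github.event_name == 'push'
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          context: .
          # Pull requests still build the image as a check, but only a push
          # to main publishes it. Without this gate, unmerged pull-request
          # code would overwrite the `latest` tag.
          push: ${{ github.event_name == 'push' }}
          # NOTE(review): `latest` is mutable. Adding an immutable tag, such
          # as the commit SHA, makes a published image traceable to its
          # source.
          tags: arturmon/albums:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max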