v1.2.0 #10

Workflow file for this run

.github/workflows/docker-push.yml at d65d8eb

	name: Publish Docker image

	on:
	release:
	types: [published]
	pull_request:
	branches:
	- main

	env:
	REGISTRY: docker.io
	IMAGE_NAME: iac-tools


	jobs:
	test:
	runs-on: ubuntu-latest
	if: github.event_name == 'pull_request'

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build test image
	uses: docker/build-push-action@v5
	with:
	context: .
	load: true
	tags: test-image
	cache-from: type=gha

	- name: Test Terraform
	run: \|
	echo "Testing Terraform installation..."
	docker run --rm test-image terraform --version

	- name: Test Terragrunt
	run: \|
	echo "Testing Terragrunt installation..."
	docker run --rm test-image terragrunt --version

	- name: Test Ansible
	run: \|
	echo "Testing Ansible installation..."
	docker run --rm test-image ansible --version

	- name: Test Git
	run: \|
	echo "Testing Git installation..."
	docker run --rm test-image git --version
	security-scan:
	runs-on: ubuntu-latest
	if: github.event_name == 'pull_request'
	permissions:
	contents: read
	security-events: write

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build image for scanning
	uses: docker/build-push-action@v5
	with:
	context: .
	load: true
	tags: scan-image
	cache-from: type=gha

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: "scan-image"
	format: "sarif"
	output: "trivy-results.sarif"

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	if: always()
	with:
	sarif_file: "trivy-results.sarif"
	push_to_registry:
	if: github.event_name == 'release'
	name: Push Docker image to Docker Hub
	runs-on: ubuntu-latest
	permissions:
	packages: write
	contents: read
	attestations: write
	id-token: write
	steps:
	- name: Check out the repo
	uses: actions/checkout@v4

	- name: Log in to Docker Hub
	uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Extract metadata (tags, labels) for Docker
	id: meta
	uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
	with:
	images: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}

	- name: Build and push Docker image
	id: push
	uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
	with:
	context: .
	file: ./Dockerfile
	push: true
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}

	- name: Generate artifact attestation
	uses: actions/attest-build-provenance@v2
	with:
	subject-name: index.docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}
	subject-digest: ${{ steps.push.outputs.digest }}
	push-to-registry: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v1.2.0 #10

Workflow file

v1.2.0 #10

Uh oh!

Workflow file for this run