-
Notifications
You must be signed in to change notification settings - Fork 373
Expand file tree
/
Copy pathrelease-docker-github-actions.yaml
More file actions
90 lines (88 loc) · 3.91 KB
/
Copy pathrelease-docker-github-actions.yaml
File metadata and controls
90 lines (88 loc) · 3.91 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
name: release-docker-github-action
on:
workflow_dispatch:
inputs:
version:
description: "Version To push"
required: true
jobs:
push_to_registry:
name: Push Docker GitHub Actions image to Docker Hub
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Check out the tag
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.inputs.version }}
- name: Set up QEMU
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v2
with:
image: tonistiigi/binfmt:latest
platforms: linux/amd64,linux/arm64
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Login to DockerHub
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Get current date
run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV
- name: Docker meta
id: meta
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
with:
images: "checkmarx/kics"
labels: |
org.opencontainers.image.title=KICS
org.opencontainers.image.version=${{ github.event.inputs.version }}
org.opencontainers.image.vendor=Checkmarx
org.opencontainers.image.authors=KICS
org.opencontainers.image.description=Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
org.opencontainers.image.documentation=https://docs.kics.io
org.opencontainers.image.url=https://github.com/Checkmarx/kics
org.opencontainers.image.source=https://github.com/Checkmarx/kics
org.opencontainers.image.licenses=Apache-2.0
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.created=${{ env.CREATED_AT }}
- name: Push Github Action Image to Docker Hub
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
id: build_gh_action
with:
context: .
push: true
platforms: linux/amd64,linux/arm64
tags: checkmarx/kics:gh-action-kics2.0
build-args: |
VERSION=${{ github.event.inputs.version }}
COMMIT=${{ github.sha }}
SENTRY_DSN=${{ secrets.SENTRY_DSN }}
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
labels: ${{ steps.meta.outputs.labels }}
- name: Check out the repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Generate KICS Bot token
id: kics-bot-token
uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 #v3.1.1
with:
client-id: ${{ vars.GH_APP_KICSAPP_CLIENT_ID }}
private-key: ${{ secrets.GH_APP_KICSAPP_PRIVATE_KEY }}
- name: Create Pull Request
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6
with:
title: "docs(kicsbot): update images digest"
token: ${{ steps.kics-bot-token.outputs.token }}
commit-message: "docs(kicsbot): update github-action image digest"
delete-branch: true
branch: feature/kicsbot-update-gh-actions-digest
body: |
**Automated Changes**
Updating docker github-action image digest
Triggered by SHA: _${{ github.sha }}_
labels: documentation