Skip to content
Docker Build and Trivy Scan

feat: update Docker workflow to include DockerHub login #13

Sign in to view logs

feat: update Docker workflow to include DockerHub login

feat: update Docker workflow to include DockerHub login #13

Workflow file for this run

.github/workflows/docker-build-and-scan.yaml at 16127ef
name: Docker Build and Trivy Scan
on:
push:
branches:
- '**'
workflow_call:
inputs:
DOCKER_PATH_CONTEXT:
required: true
type: string
DOCKER_BUILD_DOCKERFILE:
required: true
type: string
DOCKER_LOAD_BOOL:
required: true
type: boolean
DOCKER_TAGS:
required: true
type: string
jobs:
build-and-scan:
runs-on: ubuntu-latest
env:
DOCKER_PATH_CONTEXT: .
DOCKER_BUILD_DOCKERFILE: Dockerfile
DOCKER_LOAD_BOOL: true
DOCKER_TAGS: sample-python-app:${{ github.sha }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
if: github.event_name == 'workflow_call'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build (and maybe push) Docker image
uses: docker/build-push-action@v6
with:
context: ${{ github.event_name == 'workflow_call' && inputs.DOCKER_PATH_CONTEXT || env.DOCKER_PATH_CONTEXT }}
file: ${{ github.event_name == 'workflow_call' && inputs.DOCKER_BUILD_DOCKERFILE || env.DOCKER_BUILD_DOCKERFILE }}
load: ${{ github.event_name != 'workflow_call' }}
push: ${{ github.event_name == 'workflow_call' }}
tags: ${{ github.event_name == 'workflow_call' && inputs.DOCKER_TAGS || env.DOCKER_TAGS }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.33.1
with:
image-ref: ${{ inputs.DOCKER_TAGS || env.DOCKER_TAGS }}
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'