updated Kaniko pipeline #23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker Image CI | |
| on: | |
| push: | |
| branches: | |
| - kaniko | |
| jobs: | |
| kaniko: | |
| runs-on: ubuntu-latest | |
| environment: Docker Image | |
| steps: | |
| # Check out the repository code | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| # Set Release version environment variable | |
| - name: Set env | |
| run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | |
| # Set up Docker credentials for Kaniko | |
| - name: Set up Docker credentials | |
| env: | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
| DOCKER_REGISTRY: ${{ secrets.DOCKER_REGISTRY }} | |
| run: | | |
| mkdir -p /kaniko/.docker | |
| echo "{\"auths\":{\"$DOCKER_REGISTRY\":{\"username\":\"$DOCKER_USERNAME\",\"password\":\"$DOCKER_PASSWORD\"}}}" > /kaniko/.docker/config.json | |
| # Download Kaniko executor | |
| - name: Download Kaniko executor | |
| run: | | |
| mkdir -p /kaniko | |
| curl -L https://github.com/GoogleContainerTools/kaniko/releases/download/v1.8.1/executor -o /kaniko/executor | |
| chmod +x /kaniko/executor | |
| # Build Image and Generate tarball | |
| - name: Generate TAR | |
| run: | | |
| /kaniko/executor \ | |
| --dockerfile=Dockerfile \ | |
| --context=. \ | |
| --destination=docker.io/$DOCKER_USERNAME/${{ vars.IMAGE_NAME }}:${{ github.sha }} \ | |
| --destination=docker.io/$DOCKER_USERNAME/${{ vars.IMAGE_NAME }}:latest \ | |
| --tar-path=image.tar \ | |
| --no-push \ | |
| --no-push-cache | |
| # Perform CI scanning using twistcli | |
| - name: CI Scanning | |
| run: | | |
| #Generate Console token | |
| token=$(curl -s -k ${{ secrets.PCC_URL }}/api/v1/authenticate -X POST -H "Content-Type: application/json" -d '{ | |
| "username":"${{ secrets.PCC_USER }}", | |
| "password":"${{ secrets.PCC_PASS }}" | |
| }' | grep -Po '"'"token"'"\s*:\s*"\K([^"]*)') | |
| #Download Twistcli | |
| curl -s -O ${{ secrets.PCC_URL }}/api/v1/util/twistcli -H "Authorization: Bearer $token" | |
| chmod a+x twistcli | |
| ./twistcli --version | |
| #Perform CI Scan | |
| ./twistcli images scan --address ${{ secrets.PCC_URL }} --token $token --details --tarball image.tar | |