-
Notifications
You must be signed in to change notification settings - Fork 6
61 lines (51 loc) · 1.83 KB
/
docker-image.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
name: Kaniko CI Image
on:
push:
branches:
- kaniko
jobs:
kaniko:
runs-on: ubuntu-latest
environment: Docker Image
steps:
# Check out the repository code
- name: Checkout
uses: actions/checkout@v4
# Set Release version environment variable
- name: Set env
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
# Include Metedata
- name: Setup Metadata
uses: docker/metadata-action@v3
id: metadata
with:
images: "${{ vars.IMAGE_NAME }}"
# Set up Docker credentials for Kaniko
- name: Login to Docker
uses: docker/login-action@v3
with:
registry: ${{ secrets.DOCKER_REGISTRY }}
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
# Build Image and Generate tarball
- name: Kaniko build
uses: bymarshall/kaniko-action@main
with:
push: false
tags: ${{ steps.metadata.outputs.tags }}
labels: ${{ steps.metadata.outputs.labels }}
tar_file: image.tar
# Perform CI scanning using twistcli
- name: CI Scanning
run: |
#Generate Console token
token=$(curl -s -k ${{ secrets.PCC_URL }}/api/v1/authenticate -X POST -H "Content-Type: application/json" -d '{
"username":"${{ secrets.PCC_USER }}",
"password":"${{ secrets.PCC_PASS }}"
}' | grep -Po '"'"token"'"\s*:\s*"\K([^"]*)')
#Download Twistcli
curl -s -O ${{ secrets.PCC_URL }}/api/v1/util/twistcli -H "Authorization: Bearer $token"
chmod a+x twistcli
./twistcli --version
#Perform CI Scan
./twistcli images scan --address ${{ secrets.PCC_URL }} --token $token --details --tarball image.tar