Skip to content

[deps]: Update gh minor #695

[deps]: Update gh minor

[deps]: Update gh minor #695

Workflow file for this run

---
name: Build
on:
workflow_dispatch:
push:
branches:
- "main"
pull_request:
jobs:
build-artifacts:
name: Build artifacts
runs-on: ubuntu-22.04
steps:
- name: Check out repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Set up .NET
uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1
- name: Publish project
working-directory: src/KeyConnector
run: |
echo "Publish"
dotnet publish -c "Release" -o obj/build-output/publish
cd obj/build-output/publish
zip -r KeyConnector.zip .
mv KeyConnector.zip ../../../
pwd
ls -atlh ../../../
- name: Upload project artifact
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: KeyConnector.zip
path: src/KeyConnector/KeyConnector.zip
if-no-files-found: error
build-docker:
name: Build Docker images
runs-on: ubuntu-22.04
needs: build-artifacts
env:
_AZ_REGISTRY: bitwardenprod.azurecr.io
_PROJECT_NAME: key-connector
steps:
- name: Check out repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Log in to Azure
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Log in to ACR
run: az acr login -n ${_AZ_REGISTRY%.azurecr.io}
- name: Generate Docker image tag
id: tag
run: |
IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g") # slash safe branch name
if [[ "$IMAGE_TAG" == "main" ]]; then
IMAGE_TAG=dev
fi
echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
- name: Generate full image name
id: image-name
env:
IMAGE_TAG: ${{ steps.tag.outputs.image_tag }}
run: echo "name=${_AZ_REGISTRY}/${_PROJECT_NAME}:${IMAGE_TAG}" >> $GITHUB_OUTPUT
- name: Get build artifact
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: KeyConnector.zip
- name: Set up build artifact
run: |
mkdir -p src/KeyConnector/obj/build-output/publish
unzip KeyConnector.zip -d src/KeyConnector/obj/build-output/publish
- name: Build Docker image
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
with:
context: src/KeyConnector
file: src/KeyConnector/Dockerfile
platforms: linux/amd64
push: true
tags: ${{ steps.image-name.outputs.name }}
- name: Scan Docker image
id: container-scan
uses: anchore/scan-action@64a33b277ea7a1215a3c142735a1091341939ff5 # v4.1.2
with:
image: ${{ steps.image-name.outputs.name }}
fail-build: false
output-format: sarif
- name: Upload Grype results to GitHub
uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
with:
sarif_file: ${{ steps.container-scan.outputs.sarif }}