Skip to content

[deps]: Update gh minor #722

[deps]: Update gh minor

[deps]: Update gh minor #722

Workflow file for this run

name: Build
on:
workflow_dispatch:
push:
branches:
- "main"
pull_request:
jobs:
build-artifacts:
name: Build artifacts
runs-on: ubuntu-22.04
steps:
- name: Check out repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up .NET
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25 # v4.1.0
- name: Publish project
working-directory: src/KeyConnector
run: |
echo "Publish"
dotnet publish -c "Release" -o obj/build-output/publish
cd obj/build-output/publish
zip -r KeyConnector.zip .
mv KeyConnector.zip ../../../
pwd
ls -atlh ../../../
- name: Upload project artifact
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: KeyConnector.zip
path: src/KeyConnector/KeyConnector.zip
if-no-files-found: error
build-docker:
name: Build Docker images
runs-on: ubuntu-22.04
needs: build-artifacts
env:
_AZ_REGISTRY: bitwardenprod.azurecr.io
_PROJECT_NAME: key-connector
steps:
- name: Check out repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Log in to Azure
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
- name: Log in to ACR
run: az acr login -n ${_AZ_REGISTRY%.azurecr.io}
- name: Generate Docker image tag
id: tag
run: |
IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g") # slash safe branch name
if [[ "$IMAGE_TAG" == "main" ]]; then
IMAGE_TAG=dev
fi
echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
- name: Generate full image name
id: image-name
env:
IMAGE_TAG: ${{ steps.tag.outputs.image_tag }}
run: echo "name=${_AZ_REGISTRY}/${_PROJECT_NAME}:${IMAGE_TAG}" >> $GITHUB_OUTPUT
- name: Get build artifact
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: KeyConnector.zip
- name: Set up build artifact
run: |
mkdir -p src/KeyConnector/obj/build-output/publish
unzip KeyConnector.zip -d src/KeyConnector/obj/build-output/publish
- name: Build Docker image
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
context: src/KeyConnector
file: src/KeyConnector/Dockerfile
platforms: linux/amd64
push: true
tags: ${{ steps.image-name.outputs.name }}
- name: Scan Docker image
id: container-scan
uses: anchore/scan-action@f2ba85e044c8f5e5014c9a539328a9c78d3bfa49 # v5.2.1
with:
image: ${{ steps.image-name.outputs.name }}
fail-build: false
output-format: sarif
- name: Upload Grype results to GitHub
uses: github/codeql-action/upload-sarif@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
with:
sarif_file: ${{ steps.container-scan.outputs.sarif }}