1.0.63 Update Hadolint Scan Action #56
# Define the name of your workflow. | |
name: build-scan-push-to-dockerhub | |
# Specify when this workflow should run (on a push event to the 'main' branch). | |
on: | |
push: | |
branches: ["main"] | |
# Define environment variables for better organization. | |
env: | |
DATABASE_CONTAINER_NAME: "database" | |
DATABASE_ADMIN_CONTAINER_NAME: "database_admin" | |
LDAP_CONTAINER_NAME: "ldap" | |
LDAP_ADMIN_CONTAINER_NAME: "ldap_admin" | |
WEB_CONTAINER_NAME: "www" | |
jobs: | |
docker: | |
runs-on: ubuntu-latest | |
# Define permissions for specific actions | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
steps: | |
# Step 1: Prepare the runner and check out the codebase. | |
- name: Check out the codebase | |
uses: actions/checkout@main | |
# Step 2: Get the version from a file and set it as an environment variable. | |
- name: Get version from version file | |
id: get_version | |
run: | | |
echo "Version: $(cat version)" | |
VERSION=$(cat version) | |
echo "VERSION=$VERSION" >> $GITHUB_ENV | |
shell: bash | |
# Step 3: Set up QEMU on the runner. | |
- name: Set up QEMU on the runner | |
uses: docker/setup-qemu-action@master | |
# Step 4: Set up Docker Buildx on the runner. | |
- name: Set up Docker Buildx on the runner | |
uses: docker/setup-buildx-action@master | |
# Step 5: Login to Docker Hub using secrets for authentication. | |
- name: Login to Docker Hub | |
uses: docker/login-action@master | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
# ---------------------------------------------------------------------------- | |
# Database Container | |
# ---------------------------------------------------------------------------- | |
- | |
name: Build and Export Database Container to Docker | |
uses: docker/build-push-action@master | |
with: | |
context: . | |
file: .build/${{ env.DATABASE_CONTAINER_NAME }}/Dockerfile | |
load: true | |
tags: webpwnized/mutillidae:${{ env.DATABASE_CONTAINER_NAME }} | |
- | |
name: Run Trivy vulnerability scanner on Database Container | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: 'webpwnized/mutillidae:${{ env.DATABASE_CONTAINER_NAME }}' | |
format: 'sarif' | |
output: '${{ env.DATABASE_CONTAINER_NAME }}-trivy-scan-results.sarif' | |
- | |
name: Upload Database Container Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@main | |
with: | |
sarif_file: '${{ env.DATABASE_CONTAINER_NAME }}-trivy-scan-results.sarif' | |
category: ${{ env.DATABASE_CONTAINER_NAME }} | |
- | |
name: Build and push Database container | |
uses: docker/build-push-action@master | |
with: | |
context: . | |
file: .build/${{ env.DATABASE_CONTAINER_NAME }}/Dockerfile | |
push: true | |
tags: webpwnized/mutillidae:${{ env.DATABASE_CONTAINER_NAME }} | |
- | |
name: Build and push Database container with version number | |
uses: docker/build-push-action@master | |
with: | |
context: . | |
file: .build/${{ env.DATABASE_CONTAINER_NAME }}/Dockerfile | |
push: true | |
tags: webpwnized/mutillidae:${{ env.DATABASE_CONTAINER_NAME }}-${{ env.VERSION }} | |
# ---------------------------------------------------------------------------- | |
# Database Admin Container | |
# ---------------------------------------------------------------------------- | |
- | |
name: Build and Export Database Admin Container to Docker | |
uses: docker/build-push-action@master | |
with: | |
context: . | |
file: .build/${{ env.DATABASE_ADMIN_CONTAINER_NAME }}/Dockerfile | |
load: true | |
tags: webpwnized/mutillidae:${{ env.DATABASE_ADMIN_CONTAINER_NAME }} | |
- | |
name: Run Trivy vulnerability scanner on Database Admin Container | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: 'webpwnized/mutillidae:${{ env.DATABASE_ADMIN_CONTAINER_NAME }}' | |
format: 'sarif' | |
output: '${{ env.DATABASE_ADMIN_CONTAINER_NAME }}-trivy-scan-results.sarif' | |
- | |
name: Upload Database Admin Container Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@main | |
with: | |
sarif_file: '${{ env.DATABASE_ADMIN_CONTAINER_NAME }}-trivy-scan-results.sarif' | |
category: ${{ env.DATABASE_ADMIN_CONTAINER_NAME }} | |
- | |
name: Build and push Database Admin Container | |
uses: docker/build-push-action@master | |
with: | |
context: . | |
file: .build/${{ env.DATABASE_ADMIN_CONTAINER_NAME }}/Dockerfile | |
push: true | |
tags: webpwnized/mutillidae:${{ env.DATABASE_ADMIN_CONTAINER_NAME }} | |
- | |
name: Build and push Database Admin Container with version number | |
uses: docker/build-push-action@master | |
with: | |
context: . | |
file: .build/${{ env.DATABASE_ADMIN_CONTAINER_NAME }}/Dockerfile | |
push: true | |
tags: webpwnized/mutillidae:${{ env.DATABASE_ADMIN_CONTAINER_NAME }}-${{ env.VERSION }} | |
# ---------------------------------------------------------------------------- | |
# LDAP Container | |
# ---------------------------------------------------------------------------- | |
- | |
name: Build and Export LDAP Container to Docker | |
uses: docker/build-push-action@master | |
with: | |
context: . | |
file: .build/${{ env.LDAP_CONTAINER_NAME }}/Dockerfile | |
load: true | |
tags: webpwnized/mutillidae:${{ env.LDAP_CONTAINER_NAME }} | |
- | |
name: Run Trivy vulnerability scanner on LDAP Container | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: 'webpwnized/mutillidae:${{ env.LDAP_CONTAINER_NAME }}' | |
format: 'sarif' | |
output: '${{ env.LDAP_CONTAINER_NAME }}-trivy-scan-results.sarif' | |
- | |
name: Upload LDAP Container Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@main | |
with: | |
sarif_file: '${{ env.LDAP_CONTAINER_NAME }}-trivy-scan-results.sarif' | |
category: ${{ env.LDAP_CONTAINER_NAME }} | |
- | |
name: Build and push LDAP Container | |
uses: docker/build-push-action@master | |
with: | |
context: . | |
file: .build/${{ env.LDAP_CONTAINER_NAME }}/Dockerfile | |
push: true | |
tags: webpwnized/mutillidae:${{ env.LDAP_CONTAINER_NAME }} | |
- | |
name: Build and push LDAP Container with version number | |
uses: docker/build-push-action@master | |
with: | |
context: . | |
file: .build/${{ env.LDAP_CONTAINER_NAME }}/Dockerfile | |
push: true | |
tags: webpwnized/mutillidae:${{ env.LDAP_CONTAINER_NAME }}-${{ env.VERSION }} | |
# ---------------------------------------------------------------------------- | |
# LDAP Admin Container | |
# ---------------------------------------------------------------------------- | |
- | |
name: Build and Export LDAP Admin Container to Docker | |
uses: docker/build-push-action@master | |
with: | |
context: . | |
file: .build/${{ env.LDAP_ADMIN_CONTAINER_NAME }}/Dockerfile | |
load: true | |
tags: webpwnized/mutillidae:${{ env.LDAP_ADMIN_CONTAINER_NAME }} | |
- | |
name: Run Trivy vulnerability scanner on LDAP Admin Container | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: 'webpwnized/mutillidae:${{ env.LDAP_ADMIN_CONTAINER_NAME }}' | |
format: 'sarif' | |
output: '${{ env.LDAP_ADMIN_CONTAINER_NAME }}-trivy-scan-results.sarif' | |
- | |
name: Upload LDAP Admin Container Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@main | |
with: | |
sarif_file: '${{ env.LDAP_ADMIN_CONTAINER_NAME }}-trivy-scan-results.sarif' | |
category: ${{ env.LDAP_ADMIN_CONTAINER_NAME }} | |
- | |
name: Build and push LDAP Admin Container | |
uses: docker/build-push-action@master | |
with: | |
context: . | |
file: .build/${{ env.LDAP_ADMIN_CONTAINER_NAME }}/Dockerfile | |
push: true | |
tags: webpwnized/mutillidae:${{ env.LDAP_ADMIN_CONTAINER_NAME }} | |
- | |
name: Build and push LDAP Admin Container with version number | |
uses: docker/build-push-action@master | |
with: | |
context: . | |
file: .build/${{ env.LDAP_ADMIN_CONTAINER_NAME }}/Dockerfile | |
push: true | |
tags: webpwnized/mutillidae:${{ env.LDAP_ADMIN_CONTAINER_NAME }}-${{ env.VERSION }} | |
# ---------------------------------------------------------------------------- | |
# Web Container | |
# ---------------------------------------------------------------------------- | |
- | |
name: Build and Export Web Container to Docker | |
uses: docker/build-push-action@master | |
with: | |
context: . | |
file: .build/${{ env.WEB_CONTAINER_NAME}}/Dockerfile | |
load: true | |
tags: webpwnized/mutillidae:${{ env.WEB_CONTAINER_NAME}} | |
- | |
name: Run Trivy vulnerability scanner on Web Container | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: 'webpwnized/mutillidae:${{ env.WEB_CONTAINER_NAME}}' | |
format: 'sarif' | |
output: '${{ env.WEB_CONTAINER_NAME}}-trivy-scan-results.sarif' | |
- | |
name: Upload Web Container Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@main | |
with: | |
sarif_file: '${{ env.WEB_CONTAINER_NAME}}-trivy-scan-results.sarif' | |
category: ${{ env.WEB_CONTAINER_NAME }} | |
- | |
name: Build and push Web Container | |
uses: docker/build-push-action@master | |
with: | |
context: . | |
file: .build/${{ env.WEB_CONTAINER_NAME}}/Dockerfile | |
push: true | |
tags: webpwnized/mutillidae:${{ env.WEB_CONTAINER_NAME}} | |
- | |
name: Build and push Web Container with version number | |
uses: docker/build-push-action@master | |
with: | |
context: . | |
file: .build/${{ env.WEB_CONTAINER_NAME}}/Dockerfile | |
push: true | |
tags: webpwnized/mutillidae:${{ env.WEB_CONTAINER_NAME}}-${{ env.VERSION }} |
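Review bot: Every `uses:` in this workflow — actions/checkout, docker/setup-qemu-action, docker/setup-buildx-action, docker/login-action, docker/build-push-action, aquasecurity/trivy-action and github/codeql-action/upload-sarif — references a mutable branch (`@main` or `@master`), so any change to those upstream branches runs on the next push to main with this job's DOCKERHUB_TOKEN and `security-events: write`; pin each step to a full commit SHA with the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # vX.Y.Z`, and let Dependabot keep the pins current. The Trivy steps are informational only: without `exit-code: '1'` and `severity: 'CRITICAL,HIGH'` in each scanner's `with:` block, the build-and-push steps that follow run regardless of findings, and once a gate is added the matching upload-sarif step needs `if: always()` so results still reach the Security tab when the scan fails the job. Each image is also rebuilt for the push after being scanned, so the scanned image and the pushed one are not guaranteed to be the same layers (a base-image or package update between the two builds changes the result); pushing the already-built local tag, or scanning by the pushed digest, keeps scan and artifact aligned. A minor point: `$GITHUB_ENV` in the version step should be quoted (`>> "$GITHUB_ENV"`), and the `${{ env.WEB_CONTAINER_NAME}}` expressions in the Web Container section lack the space before `}}` used everywhere else.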