無くなってた #104
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker ImageBuild And CI | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - release/** | |
| env: | |
| IMAGE_NAME: test | |
| IMAGE_VERSION: 1.0.0 | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_FILE: ./files/Dockerfile | |
| HADOLINT_IMAGE_VERSION: v1.17.6-3-g8da4f4e-alpine | |
| jobs: | |
| docker_file_lint: | |
| runs-on: ubuntu-18.04 | |
| timeout-minutes: 300 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Set Up | |
| run: | | |
| sudo apt install apt-transport-https gnupg | |
| - name: Print Docker version & info | |
| run: | | |
| docker version && docker info | |
| - name: Lint Dockerfile | |
| run: | | |
| docker container run --rm -i hadolint/hadolint:${HADOLINT_IMAGE_VERSION} < ${DOCKER_FILE} | |
| - name: Image Build | |
| run: | | |
| docker image build -f ${DOCKER_FILE} -t ${IMAGE_NAME}:${IMAGE_VERSION} . | |
| - name: Image Check | |
| run: | | |
| echo "=== ls ===" && docker image ls --no-trunc ${IMAGE_NAME}:${IMAGE_VERSION} | |
| echo "=== history ===" && docker image history --no-trunc ${IMAGE_NAME}:${IMAGE_VERSION} | |
| echo "=== inspect ===" && docker image inspect ${IMAGE_NAME}:${IMAGE_VERSION} | |
| # Follow the installation instructions for Ubuntu. | |
| - name: Install Trivy & Dockle | |
| run: | | |
| TRIVY_VERSION=$(curl --silent "https://api.github.com/repos/jgm/pandoc/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') | |
| DOCKLE_VERSION=$(curl --silent "https://api.github.com/repos/goodwithtech/dockle/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') | |
| echo "=== Install Trivy ${TRIVY_VERSION} ===" | |
| wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - | |
| echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -cs) main | sudo tee -a /etc/apt/sources.list.d/trivy.list | |
| sudo apt update | |
| sudo apt install --no-install-recommends trivy | |
| sudo snap install hub --classic | |
| curl -L -o pandoc.deb https://github.com/jgm/pandoc/releases/download/${TRIVY_VERSION}/pandoc-${TRIVY_VERSION}-1-amd64.deb | |
| sudo dpkg -i pandoc.deb && rm pandoc.deb | |
| echo "=== Install Dockle ${DOCKLE_VERSION} ===" | |
| curl -L -o dockle.deb https://github.com/goodwithtech/dockle/releases/download/v${DOCKLE_VERSION}/dockle_${DOCKLE_VERSION}_Linux-64bit.deb | |
| sudo dpkg -i dockle.deb && rm dockle.deb | |
| # A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable. | |
| - name: Exec Trivy | |
| run: | | |
| trivy --version | |
| trivy ${IMAGE_NAME}:${IMAGE_VERSION} | |
| # Container Image Linter for Security, Helping build the Best-Practice Docker Image. | |
| - name: Exec Dockle | |
| run: | | |
| dockle --version | |
| dockle ${IMAGE_NAME}:${IMAGE_VERSION} |