build-acr-aci-helloworld-scanner.yml
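---
# Manually triggered pipeline: build the aci-helloworld-scanner image, scan it
# for vulnerabilities, push it to Azure Container Registry (ACR), and publish
# the scan report to Application Insights.
#
# NOTE(review): every `uses:` below references a mutable tag (@v1 / @v0). A tag
# can be moved to different code after review; pinning each action to a full
# commit SHA removes that supply-chain risk. The SHAs are not shown on this
# page, so the original tags are kept.
name: acr-aci-helloworld-scanner

on:
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1

      # Registry credentials come from repository secrets and are only passed
      # to the login action, never echoed by the scripts below.
      - uses: azure/docker-login@v1
        with:
          login-server: ${{ secrets.AZ_ACR_NAME }}
          username: ${{ secrets.AZ_ACR_USERNAME }}
          password: ${{ secrets.AZ_ACR_PASSWORD }}

      - name: Build the Docker image
        env:
          ACR_NAME: ${{ secrets.AZ_ACR_NAME }}
        run: |
          ls -l
          cd apps/aci-helloworld-scanner
          echo "github.sha=$GITHUB_SHA"
          ls -l
          echo "Running docker build "
          # Use the runner-provided GITHUB_SHA instead of expanding
          # ${{ github.sha }} into the script text, and quote the reference so
          # the shell treats it as a single argument.
          docker build . --tag "${ACR_NAME}/aci-helloworld-scanner:${GITHUB_SHA}"

      - uses: Azure/container-scan@v0
        name: Scan image for vulnerabilities
        env:
          ACR_NAME: ${{ secrets.AZ_ACR_NAME }}
        id: container-scan
        # Keep the job running after a failed scan so the report can still be
        # published by the last step. The push step checks the scan outcome
        # itself, because this setting hides the failure from the job status.
        continue-on-error: true
        with:
          image-name: ${{ secrets.AZ_ACR_NAME }}/aci-helloworld-scanner:${{ github.sha }}

      # Was also named "Build the Docker image"; renamed so the run log
      # distinguishes the build from the push.
      - name: Tag and push the Docker image
        # `outcome` is the scan step's result before continue-on-error is
        # applied. Without this gate an image that failed the scan would still
        # be pushed and become `latest`. Drop the condition only if publishing
        # unscanned or failing images is intended.
        if: steps.container-scan.outcome == 'success'
        env:
          ACR_NAME: ${{ secrets.AZ_ACR_NAME }}
        run: |
          image="${ACR_NAME}/aci-helloworld-scanner"
          echo "Tagging with latest"
          docker tag "${image}:${GITHUB_SHA}" "${image}:latest"
          echo "Pushing image"
          docker push "${image}:${GITHUB_SHA}"
          docker push "${image}:latest"
          echo "Done"

      # Runs whether or not the scan passed, so findings always reach
      # Application Insights.
      - name: Post logs to appinsights
        uses: Azure/publish-security-assessments@v0
        with:
          scan-results-path: ${{ steps.container-scan.outputs.scan-report-path }}
          connection-string: ${{ secrets.AZ_APPINSIGHTS_CONNECTION_STRING }}
          subscription-token: ${{ secrets.AZ_SUBSCRIPTION_TOKEN }}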