1+ name : Release adaptor container image
2+
3+ on :
4+ push :
5+ branches :
6+ - test-sbom
7+
8+ jobs :
9+ reusable_workflow_job :
10+ name : Push Docker image
11+ runs-on : ubuntu-latest
12+ steps :
13+ - name : Check out the repo
14+ uses : actions/checkout@v4
15+ - name : Set up Docker Buildx
16+ uses : docker/setup-buildx-action@v3
17+ - name : Extract metadata (tags, labels) for Docker
18+ id : meta
19+ uses : docker/metadata-action@v5
20+ with :
21+ images : |
22+ nhsdev/${{ inputs.dockerhub_name }}
23+ tags : |
24+ type=semver,pattern={{version}}
25+ flavor : |
26+ latest=false
27+ labels : |
28+ org.opencontainers.image.source=https://github.com/${{ github.repository }}/blob/${{ github.ref_name }}/docker/${{ inputs.folder }}/Dockerfile
29+ - name : Log in to the Container registry
30+ uses : docker/login-action@v3
31+ with :
32+ username : ${{ secrets.DOCKERHUB_USERNAME }}
33+ password : ${{ secrets.DOCKERHUB_TOKEN }}
34+ - name : Build and push Docker images
35+ uses : docker/build-push-action@v5
36+ with :
37+ context : .
38+ file : docker/${{ inputs.folder }}/Dockerfile
39+ push : true
40+ tags : ${{ steps.meta.outputs.tags }}
41+ labels : ${{ steps.meta.outputs.labels }}
42+ platforms : linux/arm64/v8,linux/amd64
43+ load : true
44+
45+ - name : syft
46+ uses : anchore/sbom-action@v0
47+ with :
48+ image : ${{ fromJSON(steps.meta.outputs.tags)[0] }}
49+ format : spdx-json
50+ output-file : sbom.spdx.json
51+
52+ - name : grype
53+ uses : anchore/scan-action@v0
54+ with :
55+ image : ${{ fromJSON(steps.meta.outputs.tags)[0] }}
56+ output-file : vulnerabilities.json
57+ fail-on-severity : high
58+
59+ - name : Upload security reports as artifacts
60+ uses : actions/upload-artifact@v4
61+ with :
62+ name : security-reports
63+ path : |
64+ sbom.spdx.json
65+ vulnerabilities.json
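Review bot: The grype gate (`fail-on-severity: high`) cannot stop a release here, because the "Build and push Docker images" step has `push: true` and runs before the syft/grype steps, so a high-severity image is already public on Docker Hub by the time the job fails. Build with `push: false` + `load: true` first, scan the loaded image, and push in a separate step only after the scan passes (sketch below); loading into the default docker driver needs a single platform, so the multi-platform manifest belongs in the final push step. The `${{ fromJSON(steps.meta.outputs.tags)[0] }}` expressions in the syft and grype steps also look broken, since metadata-action's `tags` output is newline-separated text rather than JSON — `${{ fromJSON(steps.meta.outputs.json).tags[0] }}` is the JSON form. With an `on: push` trigger the `inputs` context is empty, so `inputs.dockerhub_name` and `inputs.folder` expand to `nhsdev/` and `docker//Dockerfile` unless this file is converted to a `workflow_call` workflow, which the job name suggests is the intent. While here, add a top-level `permissions: { contents: read }` and pin the third-party actions (`anchore/*@v0`, `docker/*`) to commit SHAs rather than floating major tags.
```yaml
      - name: Build image for scanning
        uses: docker/build-push-action@v5
        with:
          context: .
          file: docker/${{ inputs.folder }}/Dockerfile
          push: false
          load: true
          platforms: linux/amd64
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
      # … unchanged: syft and grype steps, scanning ${{ fromJSON(steps.meta.outputs.json).tags[0] }} …
      - name: Push Docker images (only reached if the scan passed)
        uses: docker/build-push-action@v5
        with:
          context: .
          file: docker/${{ inputs.folder }}/Dockerfile
          push: true
          platforms: linux/arm64/v8,linux/amd64
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
```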