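name: Docker Image CI BrazilSouth 2

# Controls when the workflow will run
on:
  # Triggers the workflow on push or pull request events but only for the "main" branch
  push:
    branches: ["main"]
  # NOTE(review): this job logs in to the registry and pushes an image on
  # pull_request runs too. Secrets are not passed to runs triggered from forks,
  # so the login step fails there; confirm that building and pushing on every
  # pull request is intended.
  pull_request:
    branches: ["main"]
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  build:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    # Declaring a permissions block sets every scope not listed here to "none",
    # so the read access actions/checkout needs is granted explicitly.
    permissions:
      contents: read
      # NOTE(review): no step visible in this file requests an OIDC token;
      # confirm the Defender CLI needs id-token before keeping write access.
      id-token: write
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # - name: security-devops-action
      #   uses: microsoft/security-devops-action@v1.10.0
      #   with:
      #     # The command to run. Defaults to run.
      #     command: run # optional, default is all
      #     # A comma separated list of analyzer to run. Example bandit, binskim, container-mapping, eslint, templateanalyzer, terrascan, trivy.
      #     tools: trivy # , bandit, binskim #, container-mapping, eslint, templateanalyzer, terrascan
      #   env:
      #     DfdBackendServiceEnvironment: "PPE"
      #     #MSDO_VERSION: '0.200.0'

      # NOTE(review): a tag reference such as @v4 is mutable; pinning the action
      # to a full commit SHA keeps a retagged release from changing what runs.
      - name: Checkout current repository
        uses: actions/checkout@v4

      - name: build-docker-image-and-do-msdo-test
        shell: bash
        env:
          GDN_NUGET_SOURCE_FEED_OVERRIDE: https://pkgs.dev.azure.com/msdoustest/msdo/_packaging/msdotestfeed2/nuget/v3/index.json
          # Secrets and repository variables are handed to the script through
          # the environment instead of being expanded into the script text.
          # An expression expanded inline becomes part of the shell source, so
          # a value with spaces or shell metacharacters would be split or
          # interpreted by bash; a quoted "$VAR" is passed through verbatim.
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD_CONTAINERS }}
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME_CONTAINERS }}
          DOCKER_REGISTRY: ${{ secrets.DOCKER_REGISTRY_CONTAINERS }}
          IMAGE_NAME: ${{ vars.IMAGE_NAME }}
          IMAGE_TARGET: ${{ vars.IMAGE_TARGET }}
        run: |
          # Build the pushed image reference once; GITHUB_RUN_NUMBER is the
          # runner-provided equivalent of github.run_number.
          IMAGE_REF="${DOCKER_REGISTRY}/yonitestgithub:V${GITHUB_RUN_NUMBER}"

          # printf avoids echo treating a password that starts with "-" as an option.
          printf '%s' "$DOCKER_PASSWORD" | docker login --username "$DOCKER_USERNAME" --password-stdin "$DOCKER_REGISTRY"

          docker build -t "$IMAGE_NAME" .
          docker tag "$IMAGE_NAME" "$IMAGE_REF"
          # NOTE(review): this :latest tag is created locally but never pushed
          # in this job; confirm whether a push is missing or the tag is unused.
          docker tag "$IMAGE_NAME" "${IMAGE_TARGET}:latest"
          docker push "$IMAGE_REF"

          # --fail makes curl exit non-zero on an HTTP error instead of saving
          # the error page as the "defender" binary that is then executed.
          # NOTE(review): the binary comes from a moving "latest" URL and is run
          # without a checksum or signature check; pin a version and verify its
          # published digest if the vendor provides one.
          curl --fail --silent --show-error --location --output defender https://cli.dfd.security.stage.azure-test.net/public/latest/Defender_linux-x64
          chmod +x defender
          ./defender scan image "$IMAGE_REF"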