8585
8686 sysdig_dockerfile_cis_benchmark_forwarder :
8787 name : Sysdig Dockerfile CIS benchmark - Forwarder
88- needs : [check_bash_installer, check_yaml, check_dotnet]
88+ needs : [check_yaml, check_dotnet]
8989 runs-on : ubuntu-16.04
9090 steps :
9191 - name : Checkout repo
@@ -117,7 +117,7 @@ jobs:
117117
118118 sysdig_dockerfile_cis_benchmark_installer :
119119 name : Sysdig Dockerfile CIS benchmark - Installer
120- needs : [check_bash_installer, check_yaml, check_dotnet ]
120+ needs : [check_bash_installer]
121121 runs-on : ubuntu-16.04
122122 steps :
123123 - name : Checkout repo
@@ -150,7 +150,7 @@ jobs:
150150
151151 sysdig_image_scan_forwarder :
152152 name : Sysdig image scan - Forwarder
153- needs : [check_bash_installer, check_yaml, check_dotnet]
153+ needs : [check_yaml, check_dotnet]
154154 runs-on : ubuntu-16.04
155155 steps :
156156 - name : Checkout repo
@@ -165,61 +165,76 @@ jobs:
165165
166166 sysdig_image_scan_installer :
167167 name : Sysdig image scan - Installer
168- needs : [check_bash_installer, check_yaml, check_dotnet ]
168+ needs : [check_bash_installer]
169169 runs-on : ubuntu-16.04
170170 steps :
171171 - name : Checkout repo
172172 uses : actions/checkout@v2
173173 - name : Build the Docker image
174174 run : docker build -f ./build/Dockerfile . --tag sysdiglabs/aks-audit-log-installer
175- - name : Sysdig Secure inline image scan
176- uses : sysdiglabs/scan-action@v2
177- with :
178- image-tag : " sysdiglabs/aks-audit-log-installer"
179- sysdig-secure-token : ${{ secrets.KUBELAB_SECURE_API_TOKEN }}
175+ - name : Pull Sysdig inline scan
176+ run : docker pull sysdiglabs/secure-inline-scan:2
177+ - name : Run Sysdig inline image scan
178+ id : run_sysdig_inline_scan
179+ env :
180+ SYSDIG_SECURE_TOKEN : ${{ secrets.KUBELAB_SECURE_API_TOKEN }}
181+ run : |
182+ docker run sysdiglabs/secure-inline-scan:2 -s https://secure.sysdig.com -k $SYSDIG_SECURE_TOKEN sysdiglabs/aks-audit-log-installer \
183+ | tee sysdig_image_scan_installer_result.txt
184+ SCAN_RESULT=${PIPESTATUS[0]}
185+ echo "::set-output name=SCAN_RESULT::$SCAN_RESULT"
186+ echo "Scan finished with result: $SCAN_RESULT"
187+ - name : Scan result
188+ env :
189+ SCAN_RESULT : ${{ steps.run_sysdig_inline_scan.outputs.SCAN_RESULT }}
190+ run : |
191+ cat sysdig_image_scan_installer_result.txt
192+ echo "Scan result: $SCAN_RESULT"
193+ # exit $SCAN_RESULT
194+
180195
181196 publish_images :
182- name : Publish container images to registries
183- needs : [check_bash_installer, check_yaml, check_dotnet, sysdig_image_scan, sysdig_image_scan_forwared , sysdig_image_scan_installer]
184- if : github.event_name == 'release'
185- steps :
186- - name : Checkout
187- uses : actions/checkout@v2
188- - name : Set up QEMU
189- uses : docker/setup-qemu-action@v1
190- - name : Set up Docker Buildx
191- uses : docker/setup-buildx-action@v1
192- - name : Login to DockerHub
193- uses : docker/login-action@v1
194- with :
195- username : ${{ secrets.SYSDIGLABS_DOCKERHUB_USER }}
196- password : ${{ secrets.SYSDIGLABS_DOCKERHUB_TOKEN }}
197- # - name: Login to GitHub Container Registry
198- # uses: docker/login-action@v1
199- # with:
200- # registry: ghcr.io
201- # username: ${{ github.repository_owner }}
202- # password : ${{ secrets.CR_PAT }}
203- - name : Prepare version major
204- id : prepare_version_major
205- env :
206- VERSION_FULL : ${{ github.event.release.tag_name }}
207- run : |
208- echo "Version full: $VERSION_FULL"
209- VERSION_MAJOR=$(echo $VERSION_FULL | sed 's/[^0-9]*\([0-9]\+\).*/\1/')
210- echo "Version major: $VERSION_MAJOR"
211- echo "::set-output name=VERSION_MAJOR:: $VERSION_MAJOR"
212-
213- - name : Build and push - Installer
214- uses : docker/build-push-action@v2
215- with :
216- context : .
217- file : ./build/Dockerfile
218- platforms : linux/amd64
219- push : true
220- tags : |
221- sysdiglabs/aks-audit-log-installer:latest
222- sysdiglabs/aks-audit-log-installer:${{ github.event.release.tag_name }}
223- sysdiglabs/aks-audit-log-installer:${{ steps.prepare_version_major.outputs.VERSION_MAJOR }}
224- # ghcr.io/user/app:latest
225- # ghcr.io/user/app:1.0.0
197+ name : Publish container images to registries
198+ needs : [sysdig_image_scan_forwarder , sysdig_image_scan_installer]
199+ runs-on : ubuntu-16.04
200+ if : github.event_name == 'release'
201+ steps :
202+ - name : Checkout
203+ uses : actions/checkout@v2
204+ - name : Set up QEMU
205+ uses : docker/setup-qemu-action@v1
206+ - name : Set up Docker Buildx
207+ uses : docker/setup-buildx-action@v1
208+ - name : Login to DockerHub
209+ uses : docker/login-action@v1
210+ with :
211+ username : ${{ secrets.DOCKERHUB_USERNAME }}
212+ password : ${{ secrets.DOCKERHUB_PASSWORD }}
213+ # - name: Login to GitHub Container Registry
214+ # uses: docker/login-action@v1
215+ # with:
216+ # registry: ghcr.io
217+ # username : ${{ github.repository_owner }}
218+ # password: ${{ secrets.CR_PAT }}
219+ - name : Prepare version major
220+ id : prepare_version_major
221+ env :
222+ VERSION_FULL : ${{ github.event.release.tag_name }}
223+ run : |
224+ echo "Version full: $VERSION_FULL"
225+ VERSION_MAJOR=$( echo $VERSION_FULL | sed 's/[^0-9]*\([0-9]\+\).*/\1/')
226+ echo "Version major: $VERSION_MAJOR"
227+ echo "::set-output name=VERSION_MAJOR::$VERSION_MAJOR"
228+ - name : Build and push - Installer
229+ uses : docker/build-push-action@v2
230+ with :
231+ context : .
232+ file : ./build/Dockerfile
233+ platforms : linux/amd64
234+ push : true
235+ tags : |
236+ sysdiglabs/aks-audit-log-installer:latest
237+ sysdiglabs/aks-audit-log-installer:${{ github.event.release.tag_name }}
238+ sysdiglabs/aks-audit-log-installer:${{ steps.prepare_version_major.outputs.VERSION_MAJOR }}
239+
240+ # ghcr.io/sysdiglabs/aks-audit-log-installer:latest
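Review bot: The `Scan result` step ends with `# exit $SCAN_RESULT` commented out, so `sysdig_image_scan_installer` succeeds whatever the scanner returned, and `publish_images`, which lists it under `needs`, would still push the release image after a failed scan. The preceding step pipes the scanner into `tee` and only records `${PIPESTATUS[0]}` as a step output, so with the default shell nothing else on the visible lines fails the job. If the scan is meant to gate publishing, end the step with `exit "$SCAN_RESULT"`; if it is deliberately advisory for now, replace the commented line with an explicit note such as `# advisory only: scan result does not block publish yet`. Separately, `-k $SYSDIG_SECURE_TOKEN` is unquoted and places the token on the container's command line; it should at least be written as `-k "$SYSDIG_SECURE_TOKEN"`.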