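---
# Manually triggered release of the KICS GitHub Action image to Docker Hub.
# The image is built from the git tag given in the `version` input, and a
# follow-up PR refreshes the documented image digest.
name: release-docker-github-action

on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
    inputs:
      version:
        description: "Version To push"
        required: true

# Least privilege: the job only reads the repository. The registry push and
# the docs PR use dedicated secrets rather than GITHUB_TOKEN.
permissions:
  contents: read

jobs:
  push_to_registry:
    name: Push Docker GitHub Actions image to Docker Hub
    runs-on: cx-public-ubuntu-x64
    steps:
      # Full history first so the tag requested below is available locally.
      - name: Check out the repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0

      - name: Check out the tag
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ github.event.inputs.version }}

      # Record the commit that is actually being packaged. `github.sha` is the
      # head of the branch the workflow was dispatched from, which is not
      # necessarily the tag's commit, so it is not a correct image revision.
      - name: Resolve release commit
        run: echo "RELEASE_SHA=$(git rev-parse HEAD)" >> "$GITHUB_ENV"

      - name: Set up QEMU
        uses: step-security/setup-qemu-action@109c6ed9f089be1a250c75fd6a534e30df44e030 # v4.0.0
        with:
          # NOTE(review): `latest` is a mutable tag, unlike the SHA-pinned
          # actions in this file; consider pinning it to a digest as well.
          image: tonistiigi/binfmt:latest
          platforms: linux/amd64,linux/arm64

      - name: Set up Docker Buildx
        uses: step-security/setup-buildx-action@f931205d68723ad9589fd2a7e2ece238bf9de341 # v4.0.0

      - name: Login to DockerHub
        uses: step-security/docker-login-action@870af644803bf9f204aed474adbad2958fec048b # v4.1.0
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # Build timestamp for the OCI `created` label.
      - name: Get current date
        run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> "$GITHUB_ENV"

      # OCI labels; `revision` points at the commit the tag resolves to so the
      # label matches the content of the image.
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
        with:
          images: "checkmarx/kics"
          labels: |
            org.opencontainers.image.title=KICS
            org.opencontainers.image.version=${{ github.event.inputs.version }}
            org.opencontainers.image.vendor=Checkmarx
            org.opencontainers.image.authors=KICS
            org.opencontainers.image.description=Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
            org.opencontainers.image.documentation=https://docs.kics.io
            org.opencontainers.image.url=https://github.com/Checkmarx/kics
            org.opencontainers.image.source=https://github.com/Checkmarx/kics
            org.opencontainers.image.licenses=Apache-2.0
            org.opencontainers.image.revision=${{ env.RELEASE_SHA }}
            org.opencontainers.image.created=${{ env.CREATED_AT }}

      # The tag is reused on every release; presumably consumers pin the
      # digest that the PR below publishes rather than this mutable tag.
      - name: Push Github Action Image to Docker Hub
        uses: step-security/docker-build-push-action@846549baaf047e867d038826129a64d81df0f704 # v7.1.0
        id: build_gh_action
        with:
          context: .
          push: true
          platforms: linux/amd64,linux/arm64
          tags: checkmarx/kics:gh-action-kics2.0
          build-args: |
            VERSION=${{ github.event.inputs.version }}
            COMMIT=${{ env.RELEASE_SHA }}
            SENTRY_DSN=${{ secrets.SENTRY_DSN }}
            DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
          labels: ${{ steps.meta.outputs.labels }}

      # Return to the default branch so the digest-update PR is based on it.
      - name: Check out the repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0

      # Uses a bot PAT because `permissions` above grants no write access to
      # GITHUB_TOKEN.
      - name: Create Pull Request
        uses: step-security/create-pull-request@50c103da2b9ca12cd5bc013fc6931051a5aa872b # v8.1.1
        with:
          title: "docs(kicsbot): update images digest"
          token: ${{ secrets.KICS_BOT_PAT }}
          commit-message: "docs(kicsbot): update github-action image digest"
          delete-branch: true
          branch: feature/kicsbot-update-gh-actions-digest
          body: |
            **Automated Changes**
            Updating docker github-action image digest
            Triggered by SHA: _${{ github.sha }}_
          labels: documentation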