
deps: Bump Microsoft.EntityFrameworkCore and Microsoft.EntityFrameworkCore.InMemory #215


Workflow file for this run

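# Lints the Dockerfile, builds the Mwh.Sample.Web image, publishes it to
# Docker Hub, then smoke-tests and scans the published image.
#
# Publishing is limited to push and workflow_dispatch events. Pull-request
# runs lint and build only, so unreviewed changes cannot overwrite the
# `latest` tag and the registry credentials are not used on those runs.
#
# NOTE(review): third-party actions are referenced by mutable tags (and
# trivy-action by a branch); pinning each to a full commit SHA removes the
# dependency on the upstream ref staying trustworthy.
name: Docker Build and Push - MwhSampleWeb

on:
  push:
    branches: [main]
    paths-ignore:
      - README.md
      - .vscode/**
      - .gitignore
  pull_request:
    branches: [main]
    paths-ignore:
      - README.md
      - .vscode/**
      - .gitignore
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: read the repository, and write
    # code-scanning results for the SARIF upload step.
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Debug - List workspace structure
        run: |
          echo "=== Workspace Root ==="
          ls -la
          echo ""
          echo "=== Project Directories ==="
          ls -la */

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Credentials are only needed when the image is pushed.
      - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # NOTE(review): hadolint/hadolint has no tag or digest, so the linter
      # version can change between runs.
      - name: Lint Dockerfile
        run: docker run --rm -i hadolint/hadolint hadolint --ignore DL3008 - < ./Mwh.Sample.Web/Dockerfile

      # The key contains github.sha, so it is unique per commit; earlier
      # layers are restored through the restore-keys prefix.
      - name: Cache Docker layers
        id: docker-cache
        uses: actions/cache@v4
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}-${{ hashFiles('**/Dockerfile', '**/Mwh.Sample.Web/**/*') }}
          restore-keys: |
            ${{ runner.os }}-buildx-

      - name: Show Docker info
        run: docker info

      - name: Show Buildx version
        run: docker buildx version

      # Only the labels output of this step is consumed below; the tags it
      # computes are not passed to the build step.
      - name: Extract metadata for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ secrets.DOCKERHUB_USERNAME }}/mwhsampleweb
          tags: |
            type=raw,value=latest,enable={{is_default_branch}}
            type=sha,prefix={{branch}}-
            type=ref,event=pr
            type=semver,pattern={{version}}

      # NOTE(review): the image name is built from a secret, which GitHub
      # does not expose to pull requests from forks or Dependabot; confirm
      # the PR build accepts the resulting tag.
      # NOTE(review): provenance attestation is disabled here; confirm that
      # is intentional.
      - name: Build and push
        id: docker_image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Mwh.Sample.Web/Dockerfile
          # Build on every event, publish only outside pull requests.
          push: ${{ github.event_name != 'pull_request' }}
          pull: true
          tags: |
            ${{ secrets.DOCKERHUB_USERNAME }}/mwhsampleweb:latest
            ${{ secrets.DOCKERHUB_USERNAME }}/mwhsampleweb:${{ github.run_number }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
          provenance: false

      # Swap in the freshly written cache so the old one does not keep
      # growing alongside it.
      - name: Move cache
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

      # The build step does not load the image into the local store, so this
      # presumably pulls the tag that was just pushed; it is skipped when
      # nothing was pushed.
      # NOTE(review): `|| echo` means a failed health check never fails the
      # job; drop it if this step is meant to gate the run.
      - name: Test Docker image locally
        if: github.event_name != 'pull_request'
        env:
          # Passed through the environment instead of being expanded into
          # the script text.
          IMAGE: ${{ secrets.DOCKERHUB_USERNAME }}/mwhsampleweb:latest
        run: |
          docker run --rm -d --name test-container \
            -p 8080:80 \
            "$IMAGE"
          sleep 10
          curl -f http://localhost:8080 || echo "Health check failed"
          docker stop test-container

      # NOTE(review): the scan runs after the image is already published and
      # continue-on-error is set, so findings are reported but never block a
      # release.
      # NOTE(review): @master is a moving branch; pin to a full commit SHA.
      - name: Run Trivy vulnerability scanner
        id: trivy-scan
        if: github.event_name != 'pull_request'
        uses: aquasecurity/trivy-action@master
        continue-on-error: true
        with:
          image-ref: ${{ secrets.DOCKERHUB_USERNAME }}/mwhsampleweb:latest
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'

      # Runs only when the scan step itself succeeded; a skipped scan has
      # outcome 'skipped', so no upload is attempted on pull requests.
      - name: Upload Trivy results to GitHub Security
        uses: github/codeql-action/upload-sarif@v3
        if: always() && steps.trivy-scan.outcome == 'success'
        with:
          sarif_file: 'trivy-results.sarif'

      # NOTE(review): trivy-report.txt is written to the workspace but no
      # step shown here uploads or prints it.
      - name: Generate Trivy report
        if: github.event_name != 'pull_request'
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: ${{ secrets.DOCKERHUB_USERNAME }}/mwhsampleweb:latest
          format: 'table'
          output: 'trivy-report.txt'
        continue-on-error: true

      - name: Cleanup
        if: always()
        run: |
          docker builder prune -f
          docker system prune -f

      # Summarises the published image, so it is skipped when nothing was
      # pushed.
      - name: Output image information
        if: github.event_name != 'pull_request'
        env:
          IMAGE: ${{ secrets.DOCKERHUB_USERNAME }}/mwhsampleweb:latest
          RUN_NUMBER: ${{ github.run_number }}
          DIGEST: ${{ steps.docker_image.outputs.digest }}
        run: |
          {
            echo "### Docker Image Information"
            echo "- **Image**: $IMAGE"
            echo "- **Tag**: $RUN_NUMBER"
            echo "- **Digest**: $DIGEST"
          } >> "$GITHUB_STEP_SUMMARY"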