Merge pull request #1 from jpradoar/development #3

Workflow file for this run

.github/workflows/webserver-ci.yaml at bd3ac48

	name: webserver-CI
	on:
	push:
	branches:
	- main
	paths:
	- '06-webserver/**' # Any change in this path, make trigger build action.
	- '.github/workflows/webserver-ci.yaml'

	env:
	REPO_APP: 'mqtt-webserver'
	SLACK_CHANNEL: 'builds-and-ci'
	SLACK_MSG_COLOR: '#0092ff'
	BUILD_CONTEXT: './06-webserver'
	VULN_SEVERITY: 'CRITICAL'
	VULN_TYPE: 'os,library'
	VULN_TIMEOUT_SCAN: '2m0s'
	VULN_OUTPUT_TYPE: 'table'
	VULN_OUTPUT_FILE: 'mqtt-webserver_vuln_scan.txt'
	COMMITER_NAME: 'AutoCommit'

	jobs:
	webserver-CI_build-docker-image:
	runs-on: ubuntu-latest

	steps:

	- name: Checkout
	uses: actions/checkout@v3

	- name: Login to Docker Hub
	uses: docker/login-action@v2
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2

	- name: Show last version of docker-hub image
	id: last_version_remote_file
	run: \|
	LastVersion=$(curl -s "https://hub.docker.com/v2/repositories/jpradoar/${{ env.REPO_APP }}/tags/?page_size=2" \| jq -r '.results[].name'\|sort -M\|grep -v latest\|tail -1)
	echo "LAST_VERSION=$LastVersion " >> "$GITHUB_OUTPUT"

	- name: Generate new version with semantic version
	id: nversion
	uses: jpradoar/[email protected]
	with:
	COMMIT_MSG: ${{ github.event.head_commit.message }}
	VERSION: ${{ steps.last_version_remote_file.outputs.LAST_VERSION }}

	- name: Build and push
	uses: docker/build-push-action@v4
	with:
	context: ${{ env.BUILD_CONTEXT }}
	push: true
	tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.REPO_APP }}:${{ steps.nversion.outputs.NEW_VERSION }}

	- name: Run Trivy vulnerability scanner
	id: vulnscan
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: 'jpradoar/${{ env.REPO_APP }}:${{ steps.nversion.outputs.NEW_VERSION }}'
	format: ${{ env.VULN_FORMAT }}
	vuln-type: ${{ env.VULN_TYPE }}
	severity: ${{ env.VULN_SEVERITY }}
	timeout: ${{ env.VULN_TIMEOUT_SCAN }}
	output: vuln_scans/${{ env.VULN_OUTPUT_FILE }}
	#exit-code: '1'

	- uses: EndBug/add-and-commit@v9
	with:
	message: 'AutoCommit: Add table file'
	add: ./vuln_scans/${{ env.VULN_OUTPUT_FILE }}
	committer_name: ${{ env.COMMITER_NAME }}

	- name: Slack Notification
	uses: rtCamp/action-slack-notify@v2
	env:
	SLACK_CHANNEL: ${{ env.SLACK_CHANNEL }}
	SLACK_COLOR: ${{ env.SLACK_MSG_COLOR }}
	SLACK_MESSAGE: 'URL: https://hub.docker.com/repository/docker/${{ secrets.DOCKERHUB_USERNAME }}/${{ env.REPO_APP }}'
	SLACK_TITLE: ':rocket: GithubAction Build docker image: [ ${{ env.REPO_APP }}:${{ steps.nversion.outputs.NEW_VERSION }} ]'
	SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #1 from jpradoar/development #3

Workflow file

Merge pull request #1 from jpradoar/development #3

Jobs

Run details

Workflow file for this run