Skip to content
Build

Build #3

Sign in to view logs

Build

Build #3

Workflow file for this run

.github/workflows/ci.yaml at d4e2c3f
---
name: "Build"
on:
workflow_dispatch:
push:
branches:
- main
paths:
- Dockerfile
- .github/workflows/ci.yaml
permissions:
contents: 'read'
id-token: 'write'
packages: write
jobs:
scan:
runs-on: ubuntu-latest
name: "[SCAN] kics"
steps:
- name: Mkdir results-dir
run: mkdir -p results-dir
- name: Checkout
uses: actions/checkout@v3
- name: 'run kics Scan'
uses: checkmarx/[email protected]
with:
path: .
token: ${{ secrets.GITHUB_TOKEN }}
enable_comments: true
exclude_queries: 'd3499f6d-1651-41bb-a9a7-de925fea487b'
# output_path: results-dir
# - name: Upload SARIF file
# uses: github/codeql-action/upload-sarif@v3
# with:
# sarif_file: results-dir/results.sarif
packaging:
env:
VERSION: '1.0.0'
LATEST: true
needs: scan
runs-on: ubuntu-latest
name: "[Build] Yaml Lint"
steps:
- name: Checkout
uses: "actions/checkout@v3"
- name: Login to GitHub Container Registry
uses: 'docker/login-action@v1'
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GH_REPOSITORY_TOKEN }}
- name: Process builder
shell: bash
run: |
echo "build_date=$(date -u +"%Y-%m-%dT%H:%M:%SZ")" >> $GITHUB_ENV
- name: Set up Depot CLI
uses: 'depot/setup-action@v1'
- name: Build and Push Package
uses: 'depot/build-push-action@v1'
with:
project: ${{ secrets.DEPOT_PROJECT_ID }}
token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
push: true
provenance: false
sbom: false
platforms: linux/amd64,linux/arm64
tags: |
ghcr.io/devgine/yamllint:${{ env.VERSION }}
${{ env.LATEST && 'ghcr.io/devgine/yamllint:latest' || ''}}
context: .
file: Dockerfile
build-args: |
VCS_REF=${{ github.sha }}
BUILD_DATE=${{ env.build_date }}
BUILD_VERSION=v${{ env.VERSION }}
IMAGE_TAG=ghcr.io/devgine/yamllint:${{ env.VERSION }}