Skip to content

Commit

Permalink
feat: adds image scanning between build and push
Browse files Browse the repository at this point in the history 
Signed-off-by: Jennifer Power <[email protected]>
  • Loading branch information
@jpower432
jpower432 committed Dec 5, 2023
1 parent 970c9ea commit 1fa6cda
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions .github/workflows/publish.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,20 @@ jobs:
run: echo "TAG=$INPUT_VERSION" >> "$GITHUB_ENV"
env:
INPUT_VERSION: ${{ github.event.inputs.tag }}

- name: Build and export to Docker
uses: docker/build-push-action@v5
with:
load: true
tags: ${{ env.IMAGE_REGISTRY }}/${{ vars.QUAY_ORG }}/${{ env.IMAGE_NAME }}:${{ env.TAG }}

- name: Pre-push Image Scan
uses: aquasecurity/[email protected]
with:
image-ref: ${{ env.IMAGE_REGISTRY }}/${{ vars.QUAY_ORG }}/${{ env.IMAGE_NAME }}:${{ env.TAG }}
exit-code: 1
scanners: secret
severity: HIGH,CRITICAL,MEDIUM

- name: Build and Push
uses: docker/build-push-action@v5
Expand Down

0 comments on commit 1fa6cda

Please sign in to comment.