Update dockerfile #70
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Wiz Full Scan | |
| on: | |
| push: | |
| branches: master | |
| paths: | |
| - "**.dockerfile" | |
| - "dockerfile" | |
| - "**.sh" | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest | |
| defaults: | |
| run: | |
| shell: bash | |
| env: | |
| TAG: "ajleal/softether:latest" # Set the tag to use for the image | |
| PLATFORMS: "linux/amd64,linux/amd64/v2,linux/arm64,linux/arm/v7" # Set the platforms to build the image for | |
| steps: | |
| - name: check out repository | |
| uses: actions/[email protected] | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Docker Setup QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: latest | |
| - name: build image locally | |
| run: | | |
| docker build . --tag $TAG | |
| - name: Wiz Full Scan With Default Values # Run both wiz iac and docker scans, and upload the results to Wiz | |
| uses: aleksei-aikashev/wizcli-wrapper@v1 | |
| with: | |
| iac_scan_path: "." | |
| wiz_iac_policy: "Default IaC policy" # IaC scan defaults | |
| wiz_iac_report_name: "ajleal/softether:latest-${{ github.repository }}-${{ github.run_number }}" | |
| wiz_iac_tags: "repo=${{ github.repository }},commit_sha=${{ github.sha }},event_name=${{ github.event_name }},github_workflow=${{ github.workflow }}" | |
| skip_iac_scan: null | |
| # Docker images vulnerability scan defaults | |
| docker_scan_path: "." | |
| wiz_docker_vulnerabilities_policy: "Default vulnerabilities policy" | |
| wiz_docker_report_name: "ajleal/softether:latest" | |
| skip_docker_scan: null | |
| # Common inputs | |
| wiz_client_id: ${{ secrets.WIZ_CLIENT_ID }} | |
| wiz_client_secret: ${{ secrets.WIZ_CLIENT_SECRET }} | |
| - name: build image and push to dockerhub | |
| if: ${{ success() }} | |
| run: | | |
| docker buildx build --push --tag $TAG --platform $PLATFORMS . |