Minor reformatting of lines #90

Workflow file for this run

	name: OasisUI Build

	on:
	push:
	workflow_dispatch:
	inputs:
	docker_push:
	description: 'Push the docker image to dockerhub and outout reference'
	required: false
	default: 'false'
	cve_severity:
	description: 'Severities of vulnerabilities to scanned for, fails build if any found'
	required: false
	default: 'CRITICAL,HIGH'
	#app_image_repo:
	# description: 'Docker hub image repository'
	# required: false
	# default: 'coreoasis/github-actions'
	#app_image_tag:
	# description: 'Docker tag for image'
	# required: false
	# default: ''
	#proxy_image_repo:
	# description: 'Docker hub image repository'
	# required: false
	# default: 'coreoasis/github-actions'
	#proxy_image_tag:
	# description: 'Docker tag for image'
	# required: false
	# default: ''


	workflow_call:
	inputs:
	docker_push:
	description: 'Push the docker image to dockerhub and outout reference'
	required: false
	default: 'false'
	type: string
	cve_severity:
	description: 'Severities of vulnerabilities to scanned for, fails build if any found'
	required: false
	default: 'CRITICAL,HIGH'
	type: string
	app_image_repo:
	description: 'Docker hub image repository'
	required: false
	default: 'coreoasis/github-actions'
	type: string
	app_image_tag:
	description: 'Docker tag for image'
	required: false
	default: ''
	type: string
	proxy_image_repo:
	description: 'Docker hub image repository'
	required: false
	default: 'coreoasis/github-actions'
	type: string
	proxy_image_tag:
	description: 'Docker tag for image'
	required: false
	default: ''
	type: string

	outputs:
	app_image:
	description:
	value: ${{ jobs.shiny_app.outputs.image }}

	proxy_image:
	description:
	value: ${{ jobs.shiny_proxy.outputs.image }}



	jobs:
	shiny_app:
	env:
	IMAGE_TAG: 'oasisui_app-${{ github.sha }}'
	IMAGE_REPO: 'coreoasis/github-actions'
	DOCKERFILE: 'docker/Dockerfile.oasisui_app'
	SEVERITY: 'CRITICAL,HIGH'
	runs-on: ubuntu-latest
	outputs:
	image: ${{ steps.docker_push.outputs.image }}
	steps:
	- name: Set inputs
	if: github.event_name != 'push'
	run: \|
	echo "SEVERITY=${{ inputs.cve_severity }}" >> $GITHUB_ENV
	[[ -z "${{ inputs.app_image_tag }}" ]] \|\| echo "IMAGE_TAG=${{ inputs.app_image_tag }}" >> $GITHUB_ENV
	[[ -z "${{ inputs.app_image_repo }}" ]] \|\| echo "IMAGE_REPO=${{ inputs.app_image_repo }}" >> $GITHUB_ENV

	- name: Github context
	run: echo "$GITHUB_CONTEXT"
	shell: bash
	env:
	GITHUB_CONTEXT: ${{ toJson(github) }}

	- uses: actions/checkout@v3
	with:
	ref: ${{ github.ref_name }}

	- name: Docker Build
	run: \|
	echo "Build from Branch ${{ github.ref_name }}"
	docker build -f ${{ env.DOCKERFILE }} --pull --build-arg REF_BRANCH=${{ github.ref_name }} -t ${{ env.IMAGE_REPO }}:${{ env.IMAGE_TAG }} .

	#Trivy Scan
	- name: Trivy vulnerability scanner
	if: env.SEVERITY != ''
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: ${{ env.IMAGE_REPO }}:${{ env.IMAGE_TAG }}
	format: 'table'
	scan-type: 'image'
	exit-code: '1'
	ignore-unfixed: true
	severity: ${{ env.SEVERITY }}
	scanners: 'vuln'
	output: 'app_image.txt'

	- name: Store CVE report
	if: always()
	uses: actions/upload-artifact@v3
	with:
	name: app_image_scan
	path: ./app_image.txt
	retention-days: 3

	- name: Login to Docker Hub
	if: inputs.docker_push == 'true'
	uses: docker/login-action@v2
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Docker push
	id: docker_push
	if: inputs.docker_push == 'true'
	run: \|
	docker push ${{ env.IMAGE_REPO }}:${{ env.IMAGE_TAG }}
	echo "image=${{ env.IMAGE_REPO }}:${{ env.IMAGE_TAG }}" >> $GITHUB_OUTPUT

	shiny_proxy:
	runs-on: ubuntu-latest
	env:
	IMAGE_TAG: 'oasisui_proxy-${{ github.sha }}'
	IMAGE_REPO: 'coreoasis/github-actions'
	DOCKERFILE: 'docker/Dockerfile.oasisui_proxy'
	SEVERITY: 'CRITICAL,HIGH'
	outputs:
	image: ${{ steps.docker_push.outputs.image }}
	steps:
	- name: Set inputs
	if: github.event_name != 'push'
	run: \|
	echo "SEVERITY=${{ inputs.cve_severity }}" >> $GITHUB_ENV
	[[ -z "${{ inputs.proxy_image_tag }}" ]] \|\| echo "IMAGE_TAG=${{ inputs.proxy_image_tag }}" >> $GITHUB_ENV
	[[ -z "${{ inputs.proxy_image_repo }}" ]] \|\| echo "IMAGE_REPO=${{ inputs.proxy_image_repo }}" >> $GITHUB_ENV

	- name: Github context
	run: echo "$GITHUB_CONTEXT"
	shell: bash
	env:
	GITHUB_CONTEXT: ${{ toJson(github) }}

	- uses: actions/checkout@v3
	with:
	ref: ${{ github.ref_name }}

	- name: Docker Build
	run: \|
	docker build -f ${{ env.DOCKERFILE }} -t ${{ env.IMAGE_REPO }}:${{ env.IMAGE_TAG }} .

	# NOTE: even the latest version of shiny proxy as CRITICAL CVE issues (warn but no fail)
	- name: Trivy vulnerability scanner
	if: env.SEVERITY != ''
	continue-on-error: true
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: ${{ env.IMAGE_REPO }}:${{ env.IMAGE_TAG }}
	format: 'table'
	scan-type: 'image'
	exit-code: '1'
	ignore-unfixed: true
	severity: ${{ env.SEVERITY }}
	security-checks: 'vuln'
	output: 'proxy_image.txt'

	- name: Store CVE report
	if: always()
	uses: actions/upload-artifact@v3
	with:
	name: proxy_image_scan
	path: ./proxy_image.txt
	retention-days: 3

	- name: Login to Docker Hub
	if: inputs.docker_push == 'true'
	uses: docker/login-action@v2
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Docker push
	id: docker_push
	if: inputs.docker_push == 'true'
	run: \|
	docker push ${{ env.IMAGE_REPO }}:${{ env.IMAGE_TAG }}
	echo "image=${{ env.IMAGE_REPO }}:${{ env.IMAGE_TAG }}" >> $GITHUB_OUTPUT

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Minor reformatting of lines #90

Workflow file

Minor reformatting of lines #90

Jobs

Run details

Workflow file for this run