Test, lint and build PHP base Image on Shared Core ECR #21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test, lint and build PHP base Image on Shared Core ECR | |
| run-name: Test, lint and build PHP base Image on Shared Core ECR | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| php-base-image-build: | |
| runs-on: ubuntu-latest | |
| env: | |
| AWS_REGION : ${{ secrets.DEV_AWS_REGION }} #Change to reflect your Region | |
| AWS_ACCOUNT_ID: ${{ secrets.DEV_AWS_ACCOUNT }} | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Lint check on dockerfile | |
| run: | | |
| jq -c '.[]' build.json | while read -r results; do | |
| build=$(echo "$results" | jq -r '.build') | |
| repoName=$(echo "$results" | jq -r '.repoName') | |
| dockerFile=$(echo "$results" | jq -r '.dockerFile') | |
| if [ "$build" == "true" ]; then | |
| docker run --rm --privileged -v `pwd`:/root/ projectatomic/dockerfile-lint dockerfile_lint -f build/$repoName/$dockerFile | |
| else | |
| echo "Not linting - $repoName, build parameter equal to false" | |
| fi | |
| done | |
| - name: Set IMAGE_TAG | |
| run: | | |
| IMAGE_SHA=$(echo $GITHUB_SHA | cut -c 1-6) | |
| echo "IMAGE_TAG=vol-php-fpm-7.4.0-alpine-fpm-$IMAGE_SHA" >> $GITHUB_ENV | |
| - name: setup Notation CLI | |
| uses: notaryproject/notation-action/setup@v1 | |
| with: | |
| version: "1.0.0" | |
| - name: Configure AWS credentials from Test account | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.DEV_AWS_ROLE }} | |
| aws-region: ${{secrets.DEV_AWS_REGION}} | |
| role-session-name: GitHub_to_AWS_via_FederatedOIDC | |
| - name: Login to Shared Core ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| with: | |
| mask-password: 'true' | |
| - name: Build the Docker image | |
| run: | | |
| bash scripts/docker-build.sh | |
| #docker build -t ${{ secrets.ECR_BASE_URL }}:$IMAGE_TAG -f dockerfile . | |
| - name: Docker image list | |
| run: | | |
| image_list=$(docker images --format "{{.Repository}}") | |
| - name: Run Snyk to check Kubernetes manifest file for issues | |
| uses: snyk/actions/iac@master | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| - name: snyk scan api image | |
| run: | | |
| image_list=$(docker images --format "{{.Repository}}") | |
| for image in $image_list; do | |
| snyk container test --all-projects $image | |
| done | |