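name: Build, sign and push PHP base Image on Shared Core ECR
run-name: Test, sign and push PHP base Image on Shared Core ECR

# NOTE(review): this job signs and pushes to a shared registry but is
# triggered by pull_request, so unreviewed PR code can produce a signed,
# published image. Consider running only the test stage on PRs and gating
# sign/push behind a `push` to main or an environment with required
# reviewers.
on:
  pull_request:
    branches:
      - main

jobs:
  # notation_setup:
  #   uses: ./.github/workflows/notation-setup-action.yaml
  php-base-image-push:
    runs-on: ubuntu-latest
    env:
      AWS_REGION: ${{ vars.DVSA_AWS_REGION }}  # change to reflect your region
      AWS_ACCOUNT_ID: ${{ vars.AWS_ACCOUNT_ID_SHAREDCOREECR }}
      # Job-level env makes the token visible to every step; scope it with a
      # step-level `env:` on the step that actually runs Snyk.
      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
    permissions:
      id-token: write  # required to request the OIDC JWT for AWS
      contents: read   # required for actions/checkout
    steps:
      # Pin third-party actions to a full commit SHA (tag noted in a comment)
      # instead of a mutable tag, so a moved or compromised tag cannot change
      # what runs with id-token:write.
      - uses: actions/checkout@v3
      - name: Set up Notation CLI
        uses: notaryproject/notation-action/setup@v1
        with:
          version: "1.0.0"
      # Installs the AWS Signer plugin for notation.
      # TODO: look into doing this via an action instead of wget + dpkg.
      # The package is fetched from a "latest" URL and installed without any
      # checksum or signature verification, so the tool that signs the image
      # is itself unverified. Pin a specific plugin version and verify the
      # .deb (e.g. sha256 against a value committed to this repo) before
      # `dpkg -i`.
      - name: Install AWS Signer plugin for Notation
        run: |
          set -euo pipefail
          wget https://d2hvyiie56hcat.cloudfront.net/linux/amd64/installer/deb/latest/aws-signer-notation-cli_amd64.deb
          sudo dpkg -i aws-signer-notation-cli_amd64.deb
          notation version
          notation plugin ls
      - name: Configure AWS credentials Shared core ECR
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
          aws-region: ${{ vars.DVSA_AWS_REGION }}
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
      - name: Login to Shared Core ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
        with:
          mask-password: 'true'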
- name: Build the Docker image | |
run: | | |
SHA=$(git rev-parse --short HEAD) | |
# Iterate over JSON objects in build.json | |
jq -c '.[]' build.json | while read -r results; do | |
repoName=$(echo "$results" | jq -r '.repoName') | |
dockerFile=$(echo "$results" | jq -r '.dockerFile') | |
t |