2.11.22 Update branch create script #41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Define the name of your workflow. | |
| name: build-scan-push-to-dockerhub | |
| # Specify when this workflow should run (on a push event to the 'main' branch). | |
| # This will run after the push event completes successfully. | |
| # The code will already be in the repository, so the workflow can access it. | |
| on: | |
| push: | |
| branches: ["main"] | |
| jobs: | |
| docker: | |
| runs-on: ubuntu-latest | |
| # Define permissions required for the workflow to run. | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| # Use a matrix strategy to scan and build multiple Dockerfiles (containers). | |
| strategy: | |
| matrix: | |
| container_name: | |
| - database | |
| - database_admin | |
| - ldap | |
| - ldap_admin | |
| - www | |
| steps: | |
| # Step 1: Check out the mutillidae repository codebase into the `mutillidae` directory. | |
| - name: Check out the mutillidae codebase | |
| uses: actions/checkout@main | |
| with: | |
| repository: webpwnized/mutillidae | |
| path: mutillidae # Check out the code to this directory | |
| # Step 1: Check out the mutillidae-docker repository codebase into the `mutillidae-docker` directory. | |
| - name: Check out the mutillidae-docker codebase | |
| uses: actions/checkout@main | |
| with: | |
| repository: webpwnized/mutillidae-docker | |
| path: mutillidae-docker # Check out the code to this directory | |
| # Step 2: Set the version to the version of Mutillidae, | |
| # not the mutillidae-docker build project. | |
| - name: Get version from version file | |
| working-directory: mutillidae # Set working directory to mutillidae | |
| run: | | |
| echo "Version of Mutillidae: $(cat version)" | |
| VERSION=$(cat version) | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| shell: bash | |
| # Step 3: Set up QEMU on the runner to support different architectures. | |
| - name: Set up QEMU on the runner | |
| uses: docker/setup-qemu-action@master | |
| # Step 4: Set up Docker Buildx, a CLI plugin that allows for multi-platform builds. | |
| - name: Set up Docker Buildx on the runner | |
| uses: docker/setup-buildx-action@master | |
| # Step 5: Log in to Docker Hub using secrets stored in the GitHub repository. | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@master | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| # ---------------------------------------------------------------------------- | |
| # Loop over each container defined in the matrix to build, scan, and push. | |
| # ---------------------------------------------------------------------------- | |
| # Step 6: Print the current container name being processed (from matrix). | |
| - name: Print Current Container Name | |
| run: | | |
| echo "STATUS: Currently working on container: ${{ matrix.container_name }}" | |
| shell: bash | |
| # Step 7: Build and load the container using Docker Buildx. | |
| - name: Build and Load Container | |
| uses: docker/build-push-action@master | |
| with: | |
| context: mutillidae-docker/.build/${{ matrix.container_name }}/ # Adjust path based on the working directory | |
| file: mutillidae-docker/.build/${{ matrix.container_name }}/Dockerfile | |
| load: true | |
| tags: webpwnized/mutillidae:${{ matrix.container_name }} | |
| # Step 8: Run the Trivy vulnerability scanner on the built container. | |
| - name: Run Trivy vulnerability scanner on Container | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'webpwnized/mutillidae:${{ matrix.container_name }}' | |
| format: 'sarif' | |
| output: '${{ matrix.container_name }}-trivy-scan-results.sarif' | |
| # Step 9: Print the Trivy scan results to the console. | |
| - name: Print Trivy scan results to the console | |
| run: | | |
| cat '${{ matrix.container_name }}-trivy-scan-results.sarif' | |
| shell: bash | |
| # Step 10: Upload the Trivy scan results to the GitHub Security tab. | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@main | |
| with: | |
| sarif_file: '${{ matrix.container_name }}-trivy-scan-results.sarif' | |
| category: ${{ matrix.container_name }} | |
| # Step 11: Push the container to Docker Hub. | |
| - name: Push Container | |
| uses: docker/build-push-action@master | |
| with: | |
| context: mutillidae-docker/.build/${{ matrix.container_name }}/ # Adjust path based on the working directory | |
| file: mutillidae-docker/.build/${{ matrix.container_name }}/Dockerfile | |
| push: true | |
| tags: webpwnized/mutillidae:${{ matrix.container_name }} | |
| # Step 12: Push the container with the version number to Docker Hub. | |
| - name: Push Container with version number | |
| uses: docker/build-push-action@master | |
| with: | |
| context: mutillidae-docker/.build/${{ matrix.container_name }}/ # Adjust path based on the working directory | |
| file: mutillidae-docker/.build/${{ matrix.container_name }}/Dockerfile | |
| push: true | |
| tags: webpwnized/mutillidae:${{ matrix.container_name }}-${{ env.VERSION }} |