

Merge branch 'development'
webpwnized committed Sep 23, 2024
2 parents ad8b6aa + d6feb91 commit bf1eec6
Showing 1 changed file with 26 additions and 21 deletions.
47 changes: 26 additions & 21 deletions .github/workflows/build-scan-push-to-dockerhub.yml
Expand Up @@ -10,13 +10,13 @@ jobs:
docker:
runs-on: ubuntu-latest

# Define permissions for specific actions
# Define permissions required for the workflow to run.
permissions:
actions: read
contents: read
security-events: write

# Use matrix strategy to define multiple Dockerfiles to scan.
# Use a matrix strategy to scan and build multiple Dockerfiles (containers).
strategy:
matrix:
container_name:
Expand All @@ -27,44 +27,46 @@ jobs:
- www

steps:
# Step 2: Change into the docker build directory.
# Step 1: Change to the parent directory.
# (Optional: Depending on where your project files are located.)
- name: Change into the main work directory
id: change_to_parent_directory
run: |
echo "STATUS: Current directory:$(pwd)"
echo "STATUS: Current directory: $(pwd)"
echo "STATUS: Directory contents:"
echo "$(ls -la)"
echo "STATUS: Changing directory to .."
echo "STATUS: Changing directory to the parent directory (..)"
cd ..
echo "STATUS: Changed directory to .."
echo "STATUS: Current directory:$(pwd)"
echo "STATUS: Changed directory to parent (..)"
echo "STATUS: Current directory: $(pwd)"
echo "STATUS: Directory contents:"
echo "$(ls -la)"
shell: bash

# Step 1: Prepare the runner and check out the codebase.
# Step 2: Check out the mutillidae-docker repository codebase.
- name: Check out the mutillidae-docker codebase
uses: actions/checkout@main
with:
repository: webpwnized/mutillidae-docker
path: mutillidae-docker

# Step 2: Change into the docker build directory.
# Step 3: Change into the Docker Build directory (mutillidae-docker).
- name: Change into the Docker Build directory
id: change_into_mutillidae_docker_directory
run: |
echo "STATUS: Current directory:$(pwd)"
echo "STATUS: Current directory: $(pwd)"
echo "STATUS: Directory contents:"
echo "$(ls -la)"
echo "STATUS: Changing directory to mutillidae-docker"
cd mutillidae-docker
echo "STATUS: Changed directory to mutillidae-docker"
echo "STATUS: Current directory:$(pwd)"
echo "STATUS: Current directory: $(pwd)"
echo "STATUS: Directory contents:"
echo "$(ls -la)"
echo "$(cat version)"
shell: bash

# Step 3: Get the version from a file and set it as an environment variable.
# Step 4: Get the version from the version file and set it as an environment variable.
- name: Get version from version file
id: get_version
run: |
Expand All @@ -73,35 +75,33 @@ jobs:
echo "VERSION=$VERSION" >> $GITHUB_ENV
shell: bash

# Step 4: Set up QEMU on the runner.
# Step 5: Set up QEMU on the runner to support different architectures.
- name: Set up QEMU on the runner
uses: docker/setup-qemu-action@master

# Step 5: Set up Docker Buildx on the runner.
# Step 6: Set up Docker Buildx, a CLI plugin that allows for multi-platform builds.
- name: Set up Docker Buildx on the runner
uses: docker/setup-buildx-action@master

# Step 6: Login to Docker Hub using secrets for authentication.
# Step 7: Log in to Docker Hub using secrets stored in the GitHub repository.
- name: Login to Docker Hub
uses: docker/login-action@master
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

# ----------------------------------------------------------------------------
# Loop Over Each Container
# Equivalent to
# docker build --file ./Dockerfile --tag webpwnized/mutillidae:${{ matrix.container_name }} .build/${{ matrix.container_name }}/
# Loop over each container defined in the matrix to build, scan, and push.
# ----------------------------------------------------------------------------

# Step 8: Print the current container name being processed (from matrix).
- name: Print Current Container Name
id: print_current_container_name
run: |
echo ""
echo "STATUS: Currently working on container:${{ matrix.container_name }}"
echo ""
echo "STATUS: Currently working on container: ${{ matrix.container_name }}"
shell: bash

# Step 9: Build and load the container using Docker Buildx.
- name: Build and Load Container
uses: docker/build-push-action@master
with:
Expand All @@ -110,25 +110,29 @@ jobs:
load: true
tags: webpwnized/mutillidae:${{ matrix.container_name }}

# Step 10: Run the Trivy vulnerability scanner on the built container.
- name: Run Trivy vulnerability scanner on Container
uses: aquasecurity/trivy-action@master
with:
image-ref: 'webpwnized/mutillidae:${{ matrix.container_name }}'
format: 'sarif'
output: '${{ matrix.container_name }}-trivy-scan-results.sarif'

# Step 11: Print the Trivy scan results to the console.
- name: Print Trivy scan results to the console
id: print_results
run: |
cat '${{ matrix.container_name }}-trivy-scan-results.sarif'
shell: bash

# Step 12: Upload the Trivy scan results to the GitHub Security tab.
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@main
with:
sarif_file: '${{ matrix.container_name }}-trivy-scan-results.sarif'
category: ${{ matrix.container_name }}

# Step 13: Push the container to Docker Hub.
- name: Push Container
uses: docker/build-push-action@master
with:
Expand All @@ -137,6 +141,7 @@ jobs:
push: true
tags: webpwnized/mutillidae:${{ matrix.container_name }}

# Step 14: Push the container with the version number to Docker Hub.
- name: Push Container with version number
uses: docker/build-push-action@master
with:
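Review bot: Every `uses:` reference in this section resolves a mutable branch (`actions/checkout@main`, `docker/setup-qemu-action@master`, `docker/setup-buildx-action@master`, `docker/login-action@master`, `aquasecurity/trivy-action@master`, `github/codeql-action/upload-sarif@main`, `docker/build-push-action@master`), so the job that receives `secrets.DOCKERHUB_TOKEN` and pushes images runs whatever those branches contain at run time; pin each to a release tag or, better, a full commit SHA with the version in a trailing comment (`uses: docker/login-action@<full-commit-sha>  # <release-tag>`, placeholders) and let dependency tooling bump the pins. The renumbered Step 1 and Step 3 only `cd` inside their own `run:` block, and each `run` step starts again in `GITHUB_WORKSPACE`, so those directory changes do not carry into the version, build or Trivy steps that follow — either drop them or set `working-directory:` on the steps that need it. The Trivy step writes SARIF and the results are printed and uploaded, but nothing gates the later push steps on the scan outcome; if pushing regardless of findings is intended for this project, a one-line comment above Step 10 saying so would save the next reader the question. The last step's `with:` mapping continues past the end of the hunk.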

0 comments on commit bf1eec6
