From d6feb91e2301fa2450d9cd776738d99f69b66af3 Mon Sep 17 00:00:00 2001
From: webpwnized
Date: Mon, 23 Sep 2024 19:36:46 -0400
Subject: [PATCH] 2.11.17 Updating Actions
---
 .../build-scan-push-to-dockerhub.yml | 49 ++++++++++---------
 1 file changed, 27 insertions(+), 22 deletions(-)
diff --git a/.github/workflows/build-scan-push-to-dockerhub.yml b/.github/workflows/build-scan-push-to-dockerhub.yml
index 965afa29..ae8b5f90 100644
--- a/.github/workflows/build-scan-push-to-dockerhub.yml
+++ b/.github/workflows/build-scan-push-to-dockerhub.yml
@@ -10,13 +10,13 @@ jobs:
 docker:
 runs-on: ubuntu-latest
- # Define permissions for specific actions
+ # Define permissions required for the workflow to run.
 permissions:
 actions: read
 contents: read
 security-events: write
- # Use matrix strategy to define multiple Dockerfiles to scan.
+ # Use a matrix strategy to scan and build multiple Dockerfiles (containers).
 strategy:
 matrix:
 container_name:
@@ -27,44 +27,46 @@ jobs:
 - www
 steps:
- # Step 2: Change into the docker build directory.
+ # Step 1: Change to the parent directory.
+ # (Optional: Depending on where your project files are located.)
 - name: Change into the main work directory
 id: change_to_parent_directory
 run: |
- echo "STATUS: Current directory:$(pwd)"
+ echo "STATUS: Current directory: $(pwd)"
 echo "STATUS: Directory contents:"
 echo "$(ls -la)"
- echo "STATUS: Changing directory to .."
+ echo "STATUS: Changing directory to the parent directory (..)"
 cd ..
- echo "STATUS: Changed directory to .."
- echo "STATUS: Current directory:$(pwd)"
+ echo "STATUS: Changed directory to parent (..)"
+ echo "STATUS: Current directory: $(pwd)"
 echo "STATUS: Directory contents:"
 echo "$(ls -la)"
 shell: bash
- # Step 1: Prepare the runner and check out the codebase.
+ # Step 2: Check out the mutillidae-docker repository codebase.
 - name: Check out the mutillidae-docker codebase
 uses: actions/checkout@main
 with:
 repository: webpwnized/mutillidae-docker
 path: mutillidae-docker
- # Step 2: Change into the docker build directory.
+ # Step 3: Change into the Docker Build directory (mutillidae-docker).
 - name: Change into the Docker Build directory
 id: change_into_mutillidae_docker_directory
 run: |
- echo "STATUS: Current directory:$(pwd)"
+ echo "STATUS: Current directory: $(pwd)"
 echo "STATUS: Directory contents:"
 echo "$(ls -la)"
 echo "STATUS: Changing directory to mutillidae-docker"
 cd mutillidae-docker
 echo "STATUS: Changed directory to mutillidae-docker"
- echo "STATUS: Current directory:$(pwd)"
+ echo "STATUS: Current directory: $(pwd)"
 echo "STATUS: Directory contents:"
 echo "$(ls -la)"
+ echo "$(cat version)"
 shell: bash
- # Step 3: Get the version from a file and set it as an environment variable.
+ # Step 4: Get the version from the version file and set it as an environment variable.
 - name: Get version from version file
 id: get_version
 run: |
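Review bot: The new Step 1 comment presents the `cd ..` as moving the workflow into the parent directory, but each `run:` step gets its own shell that is discarded when the step ends, so the directory change never reaches the Step 2 checkout or anything after it; the same holds for Step 3's `cd mutillidae-docker` relative to Step 4, whose body lies outside this hunk. If a different directory is really intended for later steps, set it per step with `working-directory:`; otherwise the comment should say that the `cd` is only for the diagnostic output of that step, e.g. `# Note: cd affects only this step; every run: step starts a fresh shell in the workspace.`. The added `echo "$(cat version)"` also prints the file with no label, unlike the surrounding STATUS lines, and can simply be `cat version`.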
@@ -73,15 +75,15 @@ jobs:
 echo "VERSION=$VERSION" >> $GITHUB_ENV
 shell: bash
- # Step 4: Set up QEMU on the runner.
+ # Step 5: Set up QEMU on the runner to support different architectures.
 - name: Set up QEMU on the runner
 uses: docker/setup-qemu-action@master
- # Step 5: Set up Docker Buildx on the runner.
+ # Step 6: Set up Docker Buildx, a CLI plugin that allows for multi-platform builds.
 - name: Set up Docker Buildx on the runner
 uses: docker/setup-buildx-action@master
- # Step 6: Login to Docker Hub using secrets for authentication.
+ # Step 7: Log in to Docker Hub using secrets stored in the GitHub repository.
 - name: Login to Docker Hub
 uses: docker/login-action@master
 with:
@@ -89,19 +91,17 @@ jobs:
 password: ${{ secrets.DOCKERHUB_TOKEN }}
 # ----------------------------------------------------------------------------
- # Loop Over Each Container
- # Equivalent to
- # docker build --file ./Dockerfile --tag webpwnized/mutillidae:${{ matrix.container_name }} .build/${{ matrix.container_name }}/
+ # Loop over each container defined in the matrix to build, scan, and push.
 # ----------------------------------------------------------------------------
+ # Step 8: Print the current container name being processed (from matrix).
 - name: Print Current Container Name
 id: print_current_container_name
 run: |
- echo ""
- echo "STATUS: Currently working on container:${{ matrix.container_name }}"
- echo ""
+ echo "STATUS: Currently working on container: ${{ matrix.container_name }}"
 shell: bash
+ # Step 9: Build and load the container using Docker Buildx.
 - name: Build and Load Container
 uses: docker/build-push-action@master
 with:
@@ -110,6 +110,7 @@ jobs:
 load: true
 tags: webpwnized/mutillidae:${{ matrix.container_name }}
+ # Step 10: Run the Trivy vulnerability scanner on the built container.
 - name: Run Trivy vulnerability scanner on Container
 uses: aquasecurity/trivy-action@master
 with:
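Review bot: The Step 7 comment now documents that `DOCKERHUB_TOKEN` is handed to `docker/login-action@master`, but the step still resolves that action from a mutable branch, so whatever is on that branch at run time receives the credential, and a commit titled "Updating Actions" is the natural place to fix that. The same floating refs appear throughout this file: `setup-qemu-action@master`, `setup-buildx-action@master` and `build-push-action@master` here, `aquasecurity/trivy-action@master` in the next hunk, `actions/checkout@main` in hunk 2 and `github/codeql-action/upload-sarif@main` in hunk 6. Pinning each to a full commit SHA with the tag noted inline, e.g. `uses: docker/login-action@<full-commit-sha>  # <tag>` (placeholder values), keeps the set of code that sees the token fixed and reviewable, and Dependabot or Renovate can keep the pins current. The workflow-level `permissions:` block in hunk 1 is already minimal, so the mutable action refs are the remaining supply-chain exposure in this job.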
@@ -117,18 +118,21 @@ jobs:
 format: 'sarif'
 output: '${{ matrix.container_name }}-trivy-scan-results.sarif'
+ # Step 11: Print the Trivy scan results to the console.
 - name: Print Trivy scan results to the console
 id: print_results
 run: |
 cat '${{ matrix.container_name }}-trivy-scan-results.sarif'
 shell: bash
+ # Step 12: Upload the Trivy scan results to the GitHub Security tab.
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@main
 with:
 sarif_file: '${{ matrix.container_name }}-trivy-scan-results.sarif'
 category: ${{ matrix.container_name }}
+ # Step 13: Push the container to Docker Hub.
 - name: Push Container
 uses: docker/build-push-action@master
 with:
@@ -137,10 +141,11 @@ jobs:
 push: true
 tags: webpwnized/mutillidae:${{ matrix.container_name }}
+ # Step 14: Push the container with the version number to Docker Hub.
 - name: Push Container with version number
 uses: docker/build-push-action@master
 with:
 context: .build/${{ matrix.container_name }}/
 file: .build/${{ matrix.container_name }}/Dockerfile
 push: true
- tags: webpwnized/mutillidae:${{ matrix.container_name }}-${{ env.VERSION }}
\ No newline at end of file
+ tags: webpwnized/mutillidae:${{ matrix.container_name }}-${{ env.VERSION }}
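Review bot: The Step 13 comment says the image is pushed to Docker Hub, but nothing between the Trivy scan (Step 10) and this push gates on the scan outcome: Steps 11 and 12 only print and upload the SARIF, so unless the Trivy `with:` block (cut off at the top of this hunk) sets `exit-code` and a `severity` threshold, Steps 13 and 14 publish the image whatever the scanner found. Either make that explicit, `# Step 13: Push the container to Docker Hub (runs regardless of Trivy findings; see Step 10).`, or add `exit-code: '1'` and `severity:` to the Trivy step so a failing scan stops the job before the push. The Step 14 tag is built from `${{ env.VERSION }}`, which Step 4 (outside this hunk) writes with `echo "VERSION=$VERSION" >> $GITHUB_ENV`; the print added in Step 3 suggests the version file is a single line, but if it ever contained a second line or stray whitespace the tag would be malformed, so trimming or validating the value where it is set would be worth a line.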