base build using gcp
This commit is contained in:
Amit Rajput
parent
2aee68df73
commit
eca92e8018
69
.github/workflows/dispatch-container-base-gcp.yml
vendored
Normal file
69
.github/workflows/dispatch-container-base-gcp.yml
vendored
Normal file
@ -0,0 +1,69 @@
|
|||||||
|
name: Build base images from code repos
|
||||||
|
|
||||||
|
on:
|
||||||
|
workflow_call:
|
||||||
|
inputs:
|
||||||
|
image_tag:
|
||||||
|
required: true
|
||||||
|
type: string
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
docker-base-build-and-push:
|
||||||
|
|
||||||
|
runs-on: ubuntu-22.04 #ubuntu-latest
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- id: get-id
|
||||||
|
name: Get a unique tag for this build
|
||||||
|
run: |
|
||||||
|
echo "DOCKER_IMAGE=${{ vars.docker_repo2_registry }}/${{ github.repository }}:${{ inputs.image_tag }}" >> "$GITHUB_OUTPUT";
|
||||||
|
|
||||||
|
- name: Print image name
|
||||||
|
run: |
|
||||||
|
echo "${{ steps.get-id.outputs.DOCKER_IMAGE }}";
|
||||||
|
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
|
||||||
|
# ✅ 1) Auth to GCP (this is where your SA key is used)
|
||||||
|
- name: Auth to GCP
|
||||||
|
uses: google-github-actions/auth@v2
|
||||||
|
with:
|
||||||
|
# using your existing secret that contains the SA JSON
|
||||||
|
credentials_json: ${{ secrets.GCP_SA_KEY }}
|
||||||
|
|
||||||
|
# ✅ 2) Install gcloud (no creds here)
|
||||||
|
- name: Set up gcloud
|
||||||
|
uses: google-github-actions/setup-gcloud@v2
|
||||||
|
with:
|
||||||
|
project_id: ${{ vars.GCP_PROJECT_ID }}
|
||||||
|
export_default_credentials: true
|
||||||
|
|
||||||
|
- name: Configure Docker for GAR
|
||||||
|
run: |
|
||||||
|
gcloud auth configure-docker ${{vars.GCP_REGION}}-docker.pkg.dev
|
||||||
|
|
||||||
|
- name: Build and push the Docker image
|
||||||
|
run: |
|
||||||
|
docker build \
|
||||||
|
--file fab/d/actions-base.Dockerfile \
|
||||||
|
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
|
||||||
|
.;
|
||||||
|
|
||||||
|
- name: Container details
|
||||||
|
run: |
|
||||||
|
IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
|
||||||
|
echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
|
||||||
|
|
||||||
|
- name: Push the container image
|
||||||
|
run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}
|
||||||
|
|
||||||
|
- name: Scan Docker Image for vulnerabilities with Grype
|
||||||
|
uses: anchore/scan-action@v6
|
||||||
|
with:
|
||||||
|
image: ${{ steps.get-id.outputs.DOCKER_IMAGE }}
|
||||||
|
cache-db: true #Cache Grype DB in Github Actions
|
||||||
|
output-format: table
|
||||||
|
only-fixed: true
|
||||||
|
severity-cutoff: critical
|
||||||
|
fail-build: true
|
||||||
|
|
||||||
Loading…
x
Reference in New Issue
Block a user