base build using gcp
This commit is contained in:
Amit Rajput
parent
2aee68df73
commit
eddf25edef
69
.github/workflows/dispatch-container-base-gcp.yml
vendored
Normal file
69
.github/workflows/dispatch-container-base-gcp.yml
vendored
Normal file
@ -0,0 +1,69 @@
|
||||
name: Build base images from code repos
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
image_tag:
|
||||
required: true
|
||||
type: string
|
||||
|
||||
jobs:
|
||||
docker-base-build-and-push:
|
||||
|
||||
runs-on: ubuntu-22.04 #ubuntu-latest
|
||||
|
||||
steps:
|
||||
- id: get-id
|
||||
name: Get a unique tag for this build
|
||||
run: |
|
||||
echo "DOCKER_IMAGE=${{ vars.docker_repo2_registry }}/${{ github.repository }}:${{ inputs.image_tag }}" >> "$GITHUB_OUTPUT";
|
||||
|
||||
- name: Print image name
|
||||
run: |
|
||||
echo "${{ steps.get-id.outputs.DOCKER_IMAGE }}";
|
||||
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
# ✅ 1) Auth to GCP (this is where your SA key is used)
|
||||
- name: Auth to GCP
|
||||
uses: google-github-actions/auth@v2
|
||||
with:
|
||||
# using your existing secret that contains the SA JSON
|
||||
credentials_json: ${{ secrets.GCP_SA_KEY }}
|
||||
|
||||
# ✅ 2) Install gcloud (no creds here)
|
||||
- name: Set up gcloud
|
||||
uses: google-github-actions/setup-gcloud@v2
|
||||
with:
|
||||
project_id: ${{ vars.GCP_PROJECT_ID }}
|
||||
export_default_credentials: true
|
||||
|
||||
- name: Configure Docker for GAR
|
||||
run: |
|
||||
gcloud auth configure-docker ${{vars.GCP_REGION}}-docker.pkg.dev
|
||||
|
||||
- name: Build and push the Docker image
|
||||
run: |
|
||||
docker build \
|
||||
--file fab/d/actions-base.Dockerfile \
|
||||
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
|
||||
.;
|
||||
|
||||
- name: Container details
|
||||
run: |
|
||||
IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
|
||||
echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
|
||||
|
||||
- name: Push the container image
|
||||
run: docker push ${{ steps.get-id.outputs.DOCKER_IMAGE }}
|
||||
|
||||
- name: Scan Docker Image for vulnerabilities with Grype
|
||||
uses: anchore/scan-action@v6
|
||||
with:
|
||||
image: ${{ steps.get-id.outputs.DOCKER_IMAGE }}
|
||||
cache-db: true #Cache Grype DB in Github Actions
|
||||
output-format: table
|
||||
only-fixed: true
|
||||
severity-cutoff: critical
|
||||
fail-build: true
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user