v2.1.20 #162
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release-docker-image | |
| on: | |
| release: | |
| types: [created, published] | |
| workflow_dispatch: | |
| jobs: | |
| push_to_registry: | |
| name: Push Docker image to Docker Hub | |
| runs-on: ubuntu-latest | |
| if: "!github.event.release.prerelease" | |
| env: | |
| DOCKER_CLI_EXPERIMENTAL: "enabled" | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Get Release version | |
| id: get-version | |
| run: | | |
| echo "::set-output name=version::$(git describe --match='v*' --tags --abbrev=0)" | |
| - uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2 | |
| if: always() | |
| with: | |
| github-token: ${{ secrets.KICS_BOT_PAT }} | |
| webhook-uri: ${{ secrets.MSTEAMS_WEBHOOK_URL }} | |
| card-layout-start: cozy | |
| card-layout-exit: complete | |
| show-on-start: true | |
| show-on-exit: true | |
| custom-actions: | | |
| - name: View CI Logs | |
| value: https://github.com/Checkmarx/kics/actions/runs/${{ github.run_id }} | |
| - name: View HEAD Commit | |
| value: https://github.com/Checkmarx/kics/commit/${{ github.sha }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v2 | |
| with: | |
| image: tonistiigi/binfmt:latest | |
| platforms: linux/amd64,linux/arm64 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Get current date | |
| run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 | |
| with: | |
| images: "checkmarx/kics" | |
| labels: | | |
| org.opencontainers.image.title=KICS | |
| org.opencontainers.image.version=${{ steps.get-version.outputs.version }} | |
| org.opencontainers.image.vendor=Checkmarx | |
| org.opencontainers.image.authors=KICS | |
| org.opencontainers.image.description=Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx. | |
| org.opencontainers.image.documentation=https://docs.kics.io | |
| org.opencontainers.image.url=https://github.com/Checkmarx/kics | |
| org.opencontainers.image.source=https://github.com/Checkmarx/kics | |
| org.opencontainers.image.licenses=Apache-2.0 | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| org.opencontainers.image.created=${{ env.CREATED_AT }} | |
| - name: Push main to Docker Hub | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| id: build_main | |
| with: | |
| context: . | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| tags: checkmarx/kics:latest,checkmarx/kics:${{ steps.get-version.outputs.version }} | |
| build-args: | | |
| VERSION=${{ steps.get-version.outputs.version }} | |
| COMMIT=${{ github.sha }} | |
| SENTRY_DSN=${{ secrets.SENTRY_DSN }} | |
| DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| - name: Build and push alpine to Docker Hub | |
| id: build_alpine | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| context: . | |
| file: ./docker/Dockerfile.alpine | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| tags: checkmarx/kics:alpine,checkmarx/kics:${{ steps.get-version.outputs.version }}-alpine | |
| build-args: | | |
| VERSION=${{ steps.get-version.outputs.version }} | |
| COMMIT=${{ github.sha }} | |
| SENTRY_DSN=${{ secrets.SENTRY_DSN }} | |
| DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| - name: Build and push debian to Docker Hub | |
| id: build_debian | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| context: . | |
| file: ./docker/Dockerfile.debian | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| tags: checkmarx/kics:debian,checkmarx/kics:${{ steps.get-version.outputs.version }}-debian | |
| build-args: | | |
| VERSION=${{ steps.get-version.outputs.version }} | |
| COMMIT=${{ github.sha }} | |
| SENTRY_DSN=${{ secrets.SENTRY_DSN }} | |
| DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| - name: Build and push ubi8 to Docker Hub | |
| id: build_ubi8 | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| context: . | |
| file: ./docker/Dockerfile.ubi8 | |
| push: true | |
| tags: checkmarx/kics:ubi8,checkmarx/kics:${{ steps.get-version.outputs.version }}-ubi8 | |
| platforms: linux/amd64 | |
| build-args: | | |
| VERSION=${{ steps.get-version.outputs.version }} | |
| COMMIT=${{ github.sha }} | |
| SENTRY_DSN=${{ secrets.SENTRY_DSN }} | |
| DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| # TODO: dockerhub api does not support PAT yet | |
| # https://github.com/docker/roadmap/issues/115#issuecomment-891694974 | |
| # https://github.com/docker/roadmap/issues/115 | |
| # https://github.com/docker/hub-feedback/issues/2127 | |
| #- name: Update repo description | |
| # uses: peter-evans/dockerhub-description@v2 | |
| # with: | |
| # username: ${{ secrets.DOCKER_USERNAME }} | |
| # password: ${{ secrets.DOCKER_PASSWORD }} | |
| # readme-filepath: docs/dockerhub.md | |
| # repository: checkmarx/kics |