
adding security in Docker container with ci cd #69


Workflow file for this run

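# CI/CD pipeline: lint the project on every push; on main/develop also lint
# the Dockerfile, build the image, scan it with Trivy and push it to Docker Hub.
name: Ci and Cd

on:
  push:
    branches:
      - "*"

# Least privilege for GITHUB_TOKEN: no job here writes to the repository.
permissions:
  contents: read

jobs:
  linting:
    name: Test and linting
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
      - name: Install nodejs
        uses: actions/setup-node@v4
        with:
          node-version: "20.12.0"
      - name: Install dependencies
        working-directory: ./project
        # NOTE(review): if the project commits a lockfile, `npm ci` would
        # install exactly the pinned dependency tree — confirm and switch.
        run: npm install
      - name: Linting
        working-directory: ./project
        run: npm run lint

  build:
    name: Push to docker hub
    runs-on: ubuntu-22.04
    needs: linting
    # Written as one bare expression. The previous form,
    # `${{ a }} || ${{ b }}`, is evaluated as a non-empty string and is
    # therefore always truthy, so this job (and its registry credentials)
    # ran for every pushed branch instead of only main and develop.
    if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Linting Dockerfile
        # The version ref on the page was destroyed by e-mail obfuscation
        # ("[email protected]"); restore the original ref from the repository,
        # ideally pinned to a full commit SHA.
        uses: hadolint/hadolint-action@<VERSION_FROM_REPOSITORY>
        with:
          # NOTE(review): this lints ./Dockerfile, while the build below uses
          # the `project` sub-directory as context — confirm both refer to
          # the same Dockerfile.
          dockerfile: Dockerfile
          verbose: true
          format: json
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build frontend image
        env:
          # NOTE(review): this variable is scoped to this step only; the
          # later `docker push` step does not inherit it, and no signing keys
          # are configured in this workflow — confirm content trust is
          # actually in effect anywhere before relying on it.
          DOCKER_CONTENT_TRUST: "1"
        uses: docker/build-push-action@v5
        with:
          context: "{{defaultContext}}:project"
          push: false
          # Export the result into the runner's Docker image store. Without
          # this the image stays inside the Buildx builder, so the Trivy scan
          # and the final `docker push` would not see the image just built.
          load: true
          tags: ${{ secrets.DOCKER_USERNAME }}/portofolio:${{ secrets.DOCKER_PORTOFOLIO_TAGS_APP }}
          # NOTE(review): presumably consumed by the Vite build in the
          # Dockerfile; values exposed to client code through VITE_-prefixed
          # variables end up in the shipped bundle, so treat them as public.
          secrets: |
            "VITE_SERVICE_ID=${{secrets.VITE_SERVICE_ID}}"
            "VITE_PUBLIC_KEY=${{secrets.VITE_PUBLIC_KEY}}"
            "VITE_TEMPLATE_ID=${{secrets.VITE_TEMPLATE_ID}}"
      - name: Run Trivy vulnerability scanner in image mode
        # Version ref lost to e-mail obfuscation on the page; restore it from
        # the repository, ideally pinned to a full commit SHA.
        uses: aquasecurity/trivy-action@<VERSION_FROM_REPOSITORY>
        with:
          scan-type: 'image'
          # Image scans take their target from `image-ref`; `scan-ref` is the
          # path input used by the filesystem/repository scan types.
          image-ref: ${{ secrets.DOCKER_USERNAME }}/portofolio:${{ secrets.DOCKER_PORTOFOLIO_TAGS_APP }}
          # NOTE(review): this step only blocks the push if trivy.yaml sets a
          # non-zero exit code (and severity threshold) — confirm.
          trivy-config: trivy.yaml
      - name: Login into docker hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Push Docker image to Docker Hub
        # Pass the image name through the environment instead of expanding
        # the expression inside the script text, so the shell only ever sees
        # a quoted variable.
        env:
          IMAGE: ${{ secrets.DOCKER_USERNAME }}/portofolio:${{ secrets.DOCKER_PORTOFOLIO_TAGS_APP }}
        run: |
          docker push "$IMAGE"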