Skip to content
Build container and push CI

chore(deps): update mcr.microsoft.com/vscode/devcontainers/python:3 d… #155

Sign in to view logs

chore(deps): update mcr.microsoft.com/vscode/devcontainers/python:3 d…

chore(deps): update mcr.microsoft.com/vscode/devcontainers/python:3 d… #155

Workflow file for this run

.github/workflows/ci_container_build_and_push_img.yml at d5f67e8
name: Build container and push CI
on:
push:
branches:
- main
env:
GITHUB_SHA: ${{ github.sha }}
REPOSITORY: aws-sentinel-connector
REGISTRY: public.ecr.aws/cds-snc
permissions:
id-token: write
contents: write
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Audit DNS requests
uses: cds-snc/dns-proxy-action@main
env:
DNS_PROXY_FORWARDTOSENTINEL: "true"
DNS_PROXY_LOGANALYTICSWORKSPACEID: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
DNS_PROXY_LOGANALYTICSSHAREDKEY: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Configure aws credentials using OIDC
uses: aws-actions/configure-aws-credentials@master
with:
role-to-assume: arn:aws:iam::283582579564:role/aws-sentinel-connector-layer-apply
role-session-name: SentinelGitHubActions
aws-region: "us-east-1"
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1
with:
registry-type: public
- name: Build docker image
working-directory: ./layer
run: |
docker build -t $REGISTRY/$REPOSITORY:$GITHUB_SHA .
- name: Push docker image to AWS ECR
run: |
docker push $REGISTRY/$REPOSITORY:$GITHUB_SHA
- name: Generate $REPOSITORY/docker SBOM
uses: cds-snc/security-tools/.github/actions/generate-sbom@34794baf2af592913bb5b51d8df4f8d0acc49b6f # v3.2.0
env:
TRIVY_DB_REPOSITORY: ${{ vars.TRIVY_DB_REPOSITORY }}
with:
docker_image: "${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ env.GITHUB_SHA }}"
dockerfile_path: "layer/Dockerfile"
sbom_name: "aws-sentinel-conector-layer"
token: "${{ secrets.GITHUB_TOKEN }}"