63 lines
2.0 KiB
YAML
63 lines
2.0 KiB
YAML
name: Docker Build Check
|
|
|
|
# Déclencheur pour chaque pull request
|
|
on:
|
|
workflow_call:
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
# 1. Checkout du code source du dépôt
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
|
|
# 2. Configuration de QEMU pour le support multi-plateformes
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v3
|
|
|
|
# 3. Configuration de Docker Buildx pour la construction multi-arch
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
with:
|
|
platforms: linux/amd64,linux/arm64
|
|
|
|
# 4. Test de la construction du Dockerfile pour les architectures amd64 et arm64
|
|
- name: Build local container
|
|
uses: docker/build-push-action@v4
|
|
with:
|
|
tags: lastrea/trouvetonprofile:latest
|
|
push: false
|
|
platforms: linux/arm64
|
|
load: true
|
|
|
|
# 5. Vérification de la taille de l'image construite
|
|
- name: Check image size
|
|
run: docker images lastrea/trouvetonprofile:latest --format "{{.Size}}"
|
|
|
|
# 6. Scan de l'image Docker pour détecter les vulnérabilités
|
|
- name: Scan Image
|
|
uses: anchore/scan-action@v3
|
|
id: scan
|
|
with:
|
|
image: "lastrea/trouvetonprofile:latest"
|
|
fail-build: true
|
|
severity-cutoff: critical
|
|
output-format: sarif
|
|
|
|
- name: Upload Anchore Scan SARIF Report
|
|
uses: github/codeql-action/upload-sarif@v2
|
|
with:
|
|
sarif_file: ${{ steps.scan.outputs.sarif }}
|
|
|
|
# 7. Vérification si la construction et le scan ont réussi
|
|
- name: Build and Scan verification
|
|
if: ${{ success() }}
|
|
run: echo "Dockerfile built and scanned successfully!"
|
|
|
|
# 8. Envoi d'un message d'échec en cas d'erreur lors de la construction ou du scan
|
|
- name: Notify on failure
|
|
if: ${{ failure() }}
|
|
run: echo "The Dockerfile build or scan failed! Please review the changes."
|