test

.github/workflows/main.yml

@@ -0,0 +1,73 @@
+name: Build-Scan-Push-Image-scan
+
+# Controls when the action will run. Triggers the workflow on push or pull request
+# events but only for the master branch
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+env:
+  BuildNumber: ${{ github.run_id }}-${{ github.run_number }}
+  ImageName: 'manasiprabhavalkar/python-flask'
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+    - uses: actions/checkout@v2
+
+    - name: Build Docker image
+      uses: docker/[email protected]
+      with:
+        # Username used to log in to a Docker registry. If not set then no login will occur
+        username: ${{ secrets.DockerHubUser }}
+        # Password or personal access token used to log in to a Docker registry. If not set then no login will occur
+        password: ${{ secrets.DockerHubPassword }}
+        # Docker repository to tag the image with
+        repository: ${{ env.ImageName }}
+        # Comma-delimited list of tags. These will be added to the registry/repository to form the image's tags
+        tags: 'github-${{ env.BuildNumber }}'
+        # Path to the Dockerfile (Default is '{path}/Dockerfile')
+        dockerfile: 'Dockerfile'
+        # Whether to push the image
+        push: false
+
+    #- name: Trivy Scan
+    #  uses: aquasecurity/trivy-action@master
+    #  with:
+    #    # image reference
+    #    image-ref: ${{ env.ImageName }}:github-${{ env.BuildNumber }}
+    #    # Type of vulnerabilities
+    #    vuln-type: 'os,library'
+    #    format: 'sarif'
+    #    output: 'trivy-results.sarif'
+    #    exit-code: 1
+
+    - name: Upload Trivy scan results to GitHub Security tab
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: 'trivyPremiumVuln.sarif'
+
+    #- name: Push Docker image
+    #  uses: docker/[email protected]
+    #  with:
+    #    # Username used to log in to a Docker registry. If not set then no login will occur
+    #    username: ${{ secrets.DockerHubUser }}
+    #    # Password or personal access token used to log in to a Docker registry. If not set then no login will occur
+    #    password: ${{ secrets.DockerHubPassword }}
+    #    # Docker repository to tag the image with
+    #    repository: ${{ env.ImageName }}
+    #    # Comma-delimited list of tags. These will be added to the registry/repository to form the image's tags
+    #    tags: 'github-${{ env.BuildNumber }}'
+    #    # Path to the Dockerfile (Default is '{path}/Dockerfile')
+    #    dockerfile: 'Dockerfile'
+    #    # Whether to push the image
+    #   push: true