ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(build-push): Update for 3.0 (#1563)

Browse Source
This commit is contained in:
Pepe Fagoaga
2022-12-21 11:47:32 +01:00
committed by GitHub
parent 4e34040e62
commit 80a8cfb6a6
2 changed files with 45 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
.github/workflows/build-lint-push-containers.yml vendored
View File

@@ -3,21 +3,23 @@ name: build-lint-push-containers
on: on:
push: push:
branches: branches:
- 'master' - "master"
paths-ignore: paths-ignore:
- '.github/**' - ".github/**"
- 'README.md' - "README.md"
release: release:
types: [published] types: [published, edited]
env: env:
AWS_REGION_STG: eu-west-1 AWS_REGION_STG: eu-west-1
AWS_REGION_PLATFORM: eu-west-1
AWS_REGION_PRO: us-east-1 AWS_REGION_PRO: us-east-1
IMAGE_NAME: prowler IMAGE_NAME: prowler
LATEST_TAG: latest LATEST_TAG: latest
STABLE_TAG: stable
TEMPORARY_TAG: temporary TEMPORARY_TAG: temporary
DOCKERFILE_PATH: util/Dockerfile DOCKERFILE_PATH: ./Dockerfile
jobs: jobs:
# Lint Dockerfile using Hadolint # Lint Dockerfile using Hadolint
@@ -45,14 +47,11 @@ jobs:
# needs: dockerfile-linter # needs: dockerfile-linter
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- - name: Checkout
name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
- - name: Set up Docker Buildx
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@v2
- - name: Build
name: Build
uses: docker/build-push-action@v2 uses: docker/build-push-action@v2
with: with:
# Without pushing to registries # Without pushing to registries
@@ -60,8 +59,7 @@ jobs:
tags: ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} tags: ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }}
file: ${{ env.DOCKERFILE_PATH }} file: ${{ env.DOCKERFILE_PATH }}
outputs: type=docker,dest=/tmp/${{ env.IMAGE_NAME }}.tar outputs: type=docker,dest=/tmp/${{ env.IMAGE_NAME }}.tar
- - name: Share image between jobs
name: Share image between jobs
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: ${{ env.IMAGE_NAME }}.tar name: ${{ env.IMAGE_NAME }}.tar
@@ -104,25 +102,21 @@ jobs:
id-token: write id-token: write
contents: read # This is required for actions/checkout contents: read # This is required for actions/checkout
steps: steps:
- - name: Get container image from shared
name: Get container image from shared
uses: actions/download-artifact@v2 uses: actions/download-artifact@v2
with: with:
name: ${{ env.IMAGE_NAME }}.tar name: ${{ env.IMAGE_NAME }}.tar
path: /tmp path: /tmp
- - name: Load Docker image
name: Load Docker image
run: | run: |
docker load --input /tmp/${{ env.IMAGE_NAME }}.tar docker load --input /tmp/${{ env.IMAGE_NAME }}.tar
docker image ls -a docker image ls -a
- - name: Login to DockerHub
name: Login to DockerHub
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
- - name: Login to Public ECR
name: Login to Public ECR
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
registry: public.ecr.aws registry: public.ecr.aws
@@ -130,68 +124,68 @@ jobs:
password: ${{ secrets.PUBLIC_ECR_AWS_SECRET_ACCESS_KEY }} password: ${{ secrets.PUBLIC_ECR_AWS_SECRET_ACCESS_KEY }}
env: env:
AWS_REGION: ${{ env.AWS_REGION_PRO }} AWS_REGION: ${{ env.AWS_REGION_PRO }}
- - name: Configure AWS Credentials -- STG
name: Configure AWS Credentials -- STG
if: github.event_name == 'push' if: github.event_name == 'push'
uses: aws-actions/configure-aws-credentials@v1 uses: aws-actions/configure-aws-credentials@v1
with: with:
aws-region: ${{ env.AWS_REGION_STG }} aws-region: ${{ env.AWS_REGION_STG }}
role-to-assume: ${{ secrets.STG_IAM_ROLE_ARN }} role-to-assume: ${{ secrets.STG_IAM_ROLE_ARN }}
role-session-name: build-lint-containers-stg role-session-name: build-lint-containers-stg
- - name: Login to ECR -- STG
name: Login to ECR -- STG
if: github.event_name == 'push' if: github.event_name == 'push'
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
registry: ${{ secrets.STG_ECR }} registry: ${{ secrets.STG_ECR }}
- - name: Configure AWS Credentials -- PLATFORM
name: Configure AWS Credentials -- PRO
if: github.event_name == 'release' if: github.event_name == 'release'
uses: aws-actions/configure-aws-credentials@v1 uses: aws-actions/configure-aws-credentials@v1
with: with:
aws-region: ${{ env.AWS_REGION_PRO }} aws-region: ${{ env.AWS_REGION_PLATFORM }}
role-to-assume: ${{ secrets.PRO_IAM_ROLE_ARN }} role-to-assume: ${{ secrets.STG_IAM_ROLE_ARN }}
role-session-name: build-lint-containers-pro role-session-name: build-lint-containers-pro
- - name: Login to ECR -- PLATFORM
name: Login to ECR -- PRO
if: github.event_name == 'release' if: github.event_name == 'release'
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
registry: ${{ secrets.PRO_ECR }} registry: ${{ secrets.PLATFORM_ECR }}
- - # Push to master branch - push "latest" tag
# Push to master branch - push "latest" tag
name: Tag (latest) name: Tag (latest)
if: github.event_name == 'push' if: github.event_name == 'push'
run: | run: |
docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.STG_ECR }}/${{ secrets.STG_ECR_REPOSITORY }}:${{ env.LATEST_TAG }} docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.PLATFORM_ECR }}/${{ secrets.PLATFORM_ECR_REPOSITORY }}:${{ env.LATEST_TAG }}
docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }} docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }} docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
- - # Push to master branch - push "latest" tag
# Push to master branch - push "latest" tag
name: Push (latest) name: Push (latest)
if: github.event_name == 'push' if: github.event_name == 'push'
run: | run: |
docker push ${{ secrets.STG_ECR }}/${{ secrets.STG_ECR_REPOSITORY }}:${{ env.LATEST_TAG }} docker push ${{ secrets.PLATFORM_ECR }}/${{ secrets.PLATFORM_ECR_REPOSITORY }}:${{ env.LATEST_TAG }}
docker push ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }} docker push ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
docker push ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }} docker push ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
- - # Tag the new release (stable and release tag)
# Push the new release
name: Tag (release) name: Tag (release)
if: github.event_name == 'release' if: github.event_name == 'release'
run: | run: |
docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.PRO_ECR }}/${{ secrets.PRO_ECR }}:${{ github.event.release.tag_name }} docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.PLATFORM_ECR }}/${{ secrets.PLATFORM_ECR_REPOSITORY }}:${{ github.event.release.tag_name }}
docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }} docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }}
docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }} docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }}
-
# Push the new release docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.PLATFORM_ECR }}/${{ secrets.PLATFORM_ECR_REPOSITORY }}:${{ env.STABLE_TAG }}
docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
- # Push the new release (stable and release tag)
name: Push (release) name: Push (release)
if: github.event_name == 'release' if: github.event_name == 'release'
run: | run: |
docker push ${{ secrets.PRO_ECR }}/${{ secrets.PRO_ECR }}:${{ github.event.release.tag_name }} docker push ${{ secrets.PLATFORM_ECR }}/${{ secrets.PLATFORM_ECR_REPOSITORY }}:${{ github.event.release.tag_name }}
docker push ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }} docker push ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }}
docker push ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }} docker push ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }}
-
name: Delete artifacts docker push ${{ secrets.PLATFORM_ECR }}/${{ secrets.PLATFORM_ECR_REPOSITORY }}:${{ env.STABLE_TAG }}
docker push ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
docker push ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
- name: Delete artifacts
if: always() if: always()
uses: geekyeggo/delete-artifact@v1 uses: geekyeggo/delete-artifact@v1
with: with:

8
.github/workflows/pull-request.yml vendored
View File

@@ -1,12 +1,12 @@
name: Lint & Test name: pr-lint-test
on: on:
push: push:
branches: branches:
- "prowler-3.0-dev" - "master"
pull_request: pull_request:
branches: branches:
- "prowler-3.0-dev" - "master"
jobs: jobs:
build: build:
@@ -30,7 +30,7 @@ jobs:
VERSION=$(curl --silent "https://api.github.com/repos/hadolint/hadolint/releases/latest" | \ VERSION=$(curl --silent "https://api.github.com/repos/hadolint/hadolint/releases/latest" | \
grep '"tag_name":' | \ grep '"tag_name":' | \
sed -E 's/.*"v([^"]+)".*/\1/' \ sed -E 's/.*"v([^"]+)".*/\1/' \
) && curl -L -o /tmp/hadolint https://github.com/hadolint/hadolint/releases/download/v${VERSION}/hadolint-Linux-x86_64 \ ) && curl -L -o /tmp/hadolint "https://github.com/hadolint/hadolint/releases/download/v${VERSION}/hadolint-Linux-x86_64" \
&& chmod +x /tmp/hadolint && chmod +x /tmp/hadolint
- name: Lint with flake8 - name: Lint with flake8
run: | run: |