name: build-lint-push-containers on: push: branches: - "master" paths-ignore: - ".github/**" - "README.md" - "docs/**" release: types: [published] env: AWS_REGION_STG: eu-west-1 AWS_REGION_PLATFORM: eu-west-1 AWS_REGION: us-east-1 IMAGE_NAME: prowler LATEST_TAG: latest STABLE_TAG: stable TEMPORARY_TAG: temporary DOCKERFILE_PATH: ./Dockerfile PYTHON_VERSION: 3.9 jobs: # Build Prowler OSS container container-build-push: # needs: dockerfile-linter runs-on: ubuntu-latest env: POETRY_VIRTUALENVS_CREATE: "false" steps: - name: Checkout uses: actions/checkout@v4 - name: Setup python (release) if: github.event_name == 'release' uses: actions/setup-python@v5 with: python-version: ${{ env.PYTHON_VERSION }} - name: Install dependencies (release) if: github.event_name == 'release' run: | pipx install poetry pipx inject poetry poetry-bumpversion - name: Update Prowler version (release) if: github.event_name == 'release' run: | poetry version ${{ github.event.release.tag_name }} - name: Login to DockerHub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to Public ECR uses: docker/login-action@v3 with: registry: public.ecr.aws username: ${{ secrets.PUBLIC_ECR_AWS_ACCESS_KEY_ID }} password: ${{ secrets.PUBLIC_ECR_AWS_SECRET_ACCESS_KEY }} env: AWS_REGION: ${{ env.AWS_REGION }} - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Build and push container image (latest) if: github.event_name == 'push' uses: docker/build-push-action@v5 with: push: true tags: | ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }} ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }} file: ${{ env.DOCKERFILE_PATH }} cache-from: type=gha cache-to: type=gha,mode=max - name: Build and push container image (release) if: github.event_name == 'release' uses: docker/build-push-action@v5 with: # Use local context to get changes # https://github.com/docker/build-push-action#path-context context: . push: true tags: | ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }} ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }} ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }} ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }} file: ${{ env.DOCKERFILE_PATH }} cache-from: type=gha cache-to: type=gha,mode=max dispatch-action: needs: container-build-push runs-on: ubuntu-latest steps: - name: Get latest commit info if: github.event_name == 'push' run: | LATEST_COMMIT_HASH=$(echo ${{ github.event.after }} | cut -b -7) echo "LATEST_COMMIT_HASH=${LATEST_COMMIT_HASH}" >> $GITHUB_ENV - name: Dispatch event for latest if: github.event_name == 'push' run: | curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" --data '{"event_type":"dispatch","client_payload":{"version":"latest", "tag": "${{ env.LATEST_COMMIT_HASH }}"}}' - name: Dispatch event for release if: github.event_name == 'release' run: | curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" --data '{"event_type":"dispatch","client_payload":{"version":"release", "tag":"${{ github.event.release.tag_name }}"}}'