Skip to content

rudderlabs/build-scan-push-action

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
README.md
README.md
 
 
action.yml
action.yml
 
 

Repository files navigation

build-scan-push-action

About

GitHub Action to build, scan, sign and push Docker images. This is a thin wrapper around docker-build-push GitHub action.

This action does the following:

  1. Builds the docker image (with push set to false).
  2. Scans the built docker image for secrets with Trufflehog.
    • GitHub action fails if secrets are found in the docker image
  3. Pushes the docker image to a docker repository if no secrets are found (when push is set to true).
  4. Signs the docker image

permissions

GitHub Actions can use Fulcio to sign images. Fulcio is a root CA that issues signing certificates from OIDC tokens. Add the following below permissions for image siging in your workflow at root level. eg

 permissions:
  id-token: write  
  contents: read

Usage

Replace docker/build-push-action@vX with rudderlabs/build-scan-push-action@v1.x in your GitHub Workflows.

For more info, refer the documentation of docker-build-push GitHub Action.

Current Limitations

This GitHub Action only accepts the following inputs.

  • build-args
  • cache-from
  • cache-to
  • context
  • file
  • labels
  • load
  • platforms
  • provenance
  • push
  • sbom
  • secret-envs
  • secrets
  • tags
  • target

If you want to use an input which is not in the above mentioned list, feel free to contribute or reach out to infra team for support.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

6 watching

Forks

0 forks
Report repository

Releases 7

v1.3 Latest
Feb 1, 2025
+ 6 releases

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •