https://github.com/meysam81/build-docker

A shorthand GitHub Action for building Docker images and pushing to ghcr.io and other repositories. A smaller alternative to combining qemu and other steps.

automation buildx ci-cd composite-action container-image container-registry container-security devops docker docker-build docker-push docker-scout dockerhub ghcr github-action github-actions kubescape multi-platform security-scanning vulnerability-scanning


# build-docker

- [build-docker](#build-docker)
- [Features](#features)
- [Usage](#usage)
- [Inputs](#inputs)
- [Outputs](#outputs)
- [Example](#example)

A GitHub composite action that simplifies Docker image building, pushing, and scanning. It combines Docker build, push, metadata handling, Scout scanning, and Kubescape security analysis into a single action.

## Features

- Multi-platform builds (amd64/arm64)
- GitHub Container Registry integration
- Docker Hub support
- Docker Scout vulnerability scanning
- Kubescape security analysis
- GitHub cache optimization
- SARIF report generation

## Usage

```yaml
- uses: meysam81/build-docker@v1
  with:
    image-name: ghcr.io/${{ github.repository }} # e.g. ghcr.io/octocat/hello-world
```

## Inputs

| Name | Description | Required | Default |
| ------------------------ | ------------------------------------------------------------------------------------- | -------- | ------------------------- |
| `image-name` | Image name (including registry path) | Yes | - |
| `github-token` | GitHub token for authentication | Yes | `${{ github.token }}` |
| `build-args` | Docker build arguments | No | `""` |
| `context` | Build context path | No | `.` |
| `dockerhub-username` | Docker Hub username (required when `scout-cves` or `scout-compare` is enabled) | No | `""` |
| `dockerhub-password` | Docker Hub password (required when `scout-cves` or `scout-compare` is enabled) | No | `""` |
| `image-extra-tags` | Additional image tags | No | `""` |
| `image-target` | Multi-stage build target | No | `""` |
| `platforms` | Build platforms | No | `linux/amd64,linux/arm64` |
| `push` | Push to registry (requires `packages: write`) | No | `true` |
| `ref` | Git ref to checkout | No | `${{ github.ref }}` |
| `runner` | GitHub runner to use | No | `ubuntu-latest` |
| `scout-compare` | Enable Docker Scout comparison | No | `false` |
| `scout-comment-pr` | Add Scout results as PR comment (only in pull requests) | No | `false` |
| `scout-cves` | Enable Docker Scout CVE scanning | No | `false` |
| `kubescape` | Enable Kubescape scanning | No | `false` |
| `kubescape-upload-sarif` | Upload Kubescape SARIF results to GitHub Security (requires `security-events: write`) | No | `false` |

## Outputs

| Name | Description |
| ---------- | -------------------------------- |
| `digest` | Image content-addressable digest |
| `imageid` | Built image ID |
| `metadata` | Build result metadata |

## Example

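```yaml
name: ci

on:
  push:
    branches:
      - main

# Token permissions for the options used below (see the Inputs table)
permissions:
  contents: read # check out the repository
  packages: write # required because `push` defaults to true
  security-events: write # required by `kubescape-upload-sarif: true`

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: meysam81/build-docker@v1
        with:
          image-name: ghcr.io/${{ github.repository }}
          # Extra tag that ties the image to this workflow run
          image-extra-tags: |
            ghcr.io/${{ github.repository }}:${{ github.run_id }}
          kubescape: true
          kubescape-upload-sarif: true
```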