Skip to content

Format gitleaks slack message. #9

Format gitleaks slack message.

Format gitleaks slack message. #9

Workflow file for this run

name: pipeline
on:
push:
branches:
- '*'
jobs:
security:
name: gitleaks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: gitleaks/gitleaks-action@v2
env:
GITHUB_TOKEN: ${{ github.token }}
- name: Notify
if: always()
uses: ravsamhq/notify-slack-action@v1
with:
status: ${{ job.status }}
notify_when: 'failure'
notification_title: '{workflow} has {status_message}'
message_format: ':warning: LEAKED SECRETS in *{workflow}* (<{repo_url}|{repo}>)'
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
build-check-push-image:
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./application
needs: [ security ]
steps:
- uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and export to Docker
uses: docker/build-push-action@v5
id: build
with:
context: .
load: true
- name: Scan image
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ steps.build.outputs.imageid }}
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL'
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Push
uses: docker/build-push-action@v5
with:
push: true
tags: dvdty/branch-deploy-application:${{ github.sha }}