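# Runs the docker-publish template action on every push to the listed branch.
# The original snippet had its line breaks and indentation collapsed, which is
# not parseable as a workflow; the structure below restores it.
name: Docker Publish Workflow

on:
  push:
    branches:
      - branch  # Customize this to your main branch

jobs:
  publish:
    runs-on: ubuntu-latest
    # NOTE(review): no `permissions:` block is set, so the job receives the
    # repository's default GITHUB_TOKEN scopes. Restrict them once you know
    # which scopes the publish action needs.
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3

      # NOTE(review): `@main` is a mutable ref. Any later commit to that branch
      # runs in this job with access to whatever credentials the job holds.
      # For a publishing job, pin to a full commit SHA you have reviewed:
      #   uses: moabukar/actions-templates/docker-publish@<FULL_COMMIT_SHA>
      # NOTE(review): no registry credentials are passed here; how the action
      # authenticates to ECR is not visible in this snippet. Confirm.
      - name: Publish Docker Image
        uses: moabukar/actions-templates/docker-publish@main
        with:
          # Placeholders are quoted so they always reach the action as strings.
          ECR_REPOSITORY_NAME: '<Your ECR Repository Name>'
          BASE_BRANCH: main  # Customize this to your base branch
          SHA_TO_CHECKOUT: ${{ github.sha }}
          IMAGE_TAG_PREFIX: 'v1.0.'  # Customize the image tag prefix
          DOCKER_FILE_PATH: ./path/to/Dockerfile  # Customize the Dockerfile path
          REPOSITORY_NAME: your-repo-name  # Customize your repository name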
Markdown lint
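# Runs the markdown-lint template action on every push to the listed branch.
# The original snippet had its line breaks and indentation collapsed, which is
# not parseable as a workflow; the structure below restores it.
name: Markdown Lint Workflow

on:
  push:
    branches:
      - main  # Customize this to the branch you want to trigger the action on

jobs:
  markdown-lint:
    runs-on: ubuntu-latest
    # NOTE(review): no `permissions:` block is set, so the job receives the
    # repository's default GITHUB_TOKEN scopes. A lint job normally needs
    # read-only access; confirm what this action requires and restrict it.
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v2  # You can use any version of checkout action

      # NOTE(review): `@main` is a mutable ref, so the code this step runs can
      # change without any change to this file. Pin to a reviewed commit:
      #   uses: moabukar/actions-templates/markdown-lint@<FULL_COMMIT_SHA>
      - name: Use markdown-lint action from moabukar/actions-templates
        uses: moabukar/actions-templates/markdown-lint@main
        with:
          target-repo: ${{ github.repository }}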
Trivy scan
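# Runs the trivy-scan template action against a container image on every push
# to the listed branch. The original snippet had its line breaks and
# indentation collapsed, which is not parseable as a workflow; the structure
# below restores it.
name: Trivy Scan Workflow

on:
  push:
    branches:
      - main  # Customize this to the branch you want to trigger the action on

jobs:
  trivy-scan:
    name: CVE Image Scan
    runs-on: ubuntu-latest
    # NOTE(review): no `permissions:` block is set, so the job receives the
    # repository's default GITHUB_TOKEN scopes. Restrict them once you know
    # which scopes the scan action needs.
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v2

      # NOTE(review): `@main` is a mutable ref, and this step is handed
      # registry credentials. Pin to a reviewed commit:
      #   uses: moabukar/actions-templates/trivy-scan@<FULL_COMMIT_SHA>
      - name: Run Trivy Scan Action
        uses: moabukar/actions-templates/trivy-scan@main
        with:
          # NOTE(review): image references must be lowercase, but
          # github.repository keeps the owner/repo casing. Confirm it matches
          # the tag that was actually pushed.
          image: 'ghcr.io/${{ github.repository }}:${{ github.sha }}'  # Customize the image reference
          exit-code: '1'  # Customize the exit code if needed
          severity: 'HIGH,CRITICAL'  # Customize the severity if needed
          # With ignore-unfixed enabled, findings that have no released fix are
          # presumably not reported. They are still present in the image, so
          # track them elsewhere if you keep this on.
          ignore-unfixed: true  # Customize to ignore unfixed vulnerabilities if needed
          upload-results: false  # Customize to upload results if needed
        env:
          # Repository and organization secret names may contain only
          # alphanumeric characters and underscores. The original hyphenated
          # names could never match a stored secret and would resolve to empty.
          TRIVY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}  # Customize your registry username secret
          TRIVY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}  # Customize your registry password secret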