Build Image
This workflow uses Kaniko to build and archive a Docker image. The image tag is created based on user inputs, Git tags, or commit information. The image is built, saved as a `.tar` file, and the digest is retrieved using crane. Finally, the image, tag, and digest are uploaded as artifacts. To use this component, you need to have a `Dockerfile` in your repository's root directory.
The build-image workflow accepts the following inputs:
| Name | Description | Required | Default Value |
|---|---|---|---|
api-url | URL of the DevGuard API | No | https://api.main.devguard.org |
asset-name | Name of the asset to be scanned | Yes | |
path | Path to the source code to be scanned | No | . |
image-destination-path | Destination of the image.tar file | No | image.tar |
image | OCI image name, includes the tag name | No | |
artifact-suffix | This is only needed if you are using this job multiple times in the same workflow. For example if you are scanning multiple images build from the same source with different configuration. | No | '' |
image-suffix | Suffix for the image name. You probably need this if you are building multiple images. For example building a -scanner image and a -web image. | No | '' |
disable-artifact-registry-as-image-store | If the artifact size is too big for your github usage quota, set this to true. This will push the image directly to the registry instead of uploading it as artifact. | No | false |
Usage Example: Here’s an example of how to call this reusable workflow from another workflow file:
name: DevGuard Workflow
on:
push
jobs:
devguard-build-image:
uses: l3montree-dev/devguard-action/.github/workflows/build-image.yml@main
with:
api-url: https://api.main.devguard.org
asset-name: 'myOrgnaization/projects/myProject/assets/myAsset'
secrets:
devguard-token: ${{ secrets.DEVGUARD_TOKEN }}