Skip to content

chore(deps): update mcr.microsoft.com/vscode/devcontainers/python:1-3.11 docker digest to 138c451 #1524

chore(deps): update mcr.microsoft.com/vscode/devcontainers/python:1-3.11 docker digest to 138c451

chore(deps): update mcr.microsoft.com/vscode/devcontainers/python:1-3.11 docker digest to 138c451 #1524

name: Build containers CI
on:
workflow_dispatch:
pull_request:
env:
AWS_REGION: ca-central-1
GITHUB_SHA: ${{ github.sha }}
REGISTRY: ${{ secrets.AWS_ACCOUNT }}.dkr.ecr.ca-central-1.amazonaws.com/security-tools
permissions:
id-token: write
contents: write
pull-requests: write
actions: write
checks: write
statuses: write
security-events: write
jobs:
changes:
runs-on: ubuntu-latest
outputs:
images: ${{ steps.filter.outputs.changes }}
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@7267a8516b6f92bdb098633497bad573efdbf271 # v2.12.0
id: filter
with:
filters: |
images/cloud_asset_inventory/cloudquery: 'images/cloud_asset_inventory/cloudquery/**'
images/csp_violation_report_service: 'images/csp_violation_report_service/**'
build:
if: needs.changes.outputs.images != '[]'
runs-on: ubuntu-latest
needs: changes
strategy:
fail-fast: false
matrix:
image: ${{ fromJSON(needs.changes.outputs.images) }}
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: configure aws credentials using OIDC
uses: aws-actions/configure-aws-credentials@master
with:
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/security-tools-plan
role-session-name: ECRTestLogin
aws-region: ${{ env.AWS_REGION }}
- name: Login to ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
- name: Build container
working-directory: ./${{ matrix.image }}
run: |
docker build \
--build-arg git_sha=$GITHUB_SHA \
-t $REGISTRY/${{ matrix.image }}:latest .
- name: Logout of Amazon ECR
run: docker logout ${{ steps.login-ecr.outputs.registry }}