Lpampolha/desafio nivel 3 #8
name: "Level 3: Containers and Security"

Check failure on line 1 in .github/workflows/03-build-containers.yml

GitHub Actions / .github/workflows/03-build-containers.yml

Invalid workflow file

- (Line: 18, Col: 21): Unrecognized named-value: 'github'. Located at position 1 within expression: github.actor
- (Line: 19, Col: 21): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.GITHUB_TOKEN
- (Line: 22, Col: 14): Unrecognized named-value: 'github'. Located at position 1 within expression: github.actor
- (Line: 35, Col: 22): Unrecognized named-value: 'github'. Located at position 1 within expression: github.actor
- (Line: 46, Col: 17): Unrecognized named-value: 'github'. Located at position 1 within expression: github.actor
- (Line: 48, Col: 21): Unrecognized named-value: 'github'. Located at position 1 within expression: github.actor
- (Line: 49, Col: 21): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.GITHUB_TOKEN
- (Line: 63, Col: 3): Unexpected value 'generate-certificate'
- (Line: 70, Col: 14): Unrecognized named-value: 'github'. Located at position 1 within expression: github.actor
- (Line: 1, Col: 1): Required property is missing: jobs
on:
  pull_request:
    types: [closed]
    # branches: the branch list is missing on the page; fill it in or drop the key

# GITHUB_TOKEN needs packages:write to push to GHCR; contents:read is enough for checkout.
permissions:
  contents: read
  packages: write

# Every parser error above follows from this block being absent: `if`, `runs-on` and
# `steps` sat at the top level, and the github/secrets contexts are only valid inside a job.
jobs:
  build-scan-and-push:
    if: github.event.pull_request.merged == true
    runs-on: ubuntu-latest
    steps:
      - name: Check out the code
        uses: actions/checkout@v3

      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # GHCR rejects uppercase letters in the image path and github.actor may contain them,
      # so the reference is lower-cased once and shared with every later step via GITHUB_ENV.
      - name: Compute the image reference
        env:
          OWNER: ${{ github.actor }}
          IMAGE_NAME: ${{ vars.IMAGE_NAME }}
          SHA: ${{ github.sha }}
        run: |
          echo "IMAGE=$(echo "ghcr.io/${OWNER}/${IMAGE_NAME}:${SHA}" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_ENV"

      - name: Build the Docker image
        run: docker build -t "$IMAGE" .

      # hadolint is not preinstalled on ubuntu-latest, so it runs from its container. The pipe
      # masks hadolint's own exit status; the grep below is what enforces the policy: fail only
      # on DL3006 (base image without a pinned tag) and DL3008 (apt packages without a pinned version).
      - name: Lint the Dockerfile with Hadolint
        run: |
          docker run --rm -i hadolint/hadolint hadolint --format tty - < Dockerfile | tee lint-report.txt
          if grep -q "DL3006\|DL3008" lint-report.txt; then
            exit 1
          fi

      # Scans the image built above. severity CRITICAL plus exit-code 1 fails the job on any
      # CRITICAL finding, which is what gates the push that follows.
      - name: Scan for vulnerabilities with Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: ${{ env.IMAGE }}
          format: sarif
          output: trivy-report.txt
          severity: CRITICAL
          exit-code: 1

      # Push the exact image that was scanned. Rebuilding here with docker/build-push-action
      # would publish a second build that was never scanned, and the registry/username/password
      # inputs the original passed to that action do not exist on it (login already happened above).
      - name: Publish the image to GHCR
        run: docker push "$IMAGE"

      # always() keeps the reports available as artifacts when the lint or the scan is what failed.
      - name: Upload the lint report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: lint-report
          path: lint-report.txt

      - name: Upload the vulnerability report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: trivy-report
          path: trivy-report.txt

  generate-certificate:
    name: "Level 3 Challenge - Certificate"
    needs: build-scan-and-push
    if: success()
    runs-on: ubuntu-latest
    steps:
      # Context values go through env rather than being interpolated into the script, the
      # standard defence against expression injection in run steps.
      - name: "Generate certificate"
        env:
          ACTOR: ${{ github.actor }}
          REPOSITORY: ${{ github.repository }}
          RUN_ID: ${{ github.run_id }}
        run: |
          mkdir -p certificates
          cat > certificates/level-3-certificate.md << EOF
          # Certificate of Completion - Level 3
          **Descomplicando Github Actions - GitHub Actions Edition**
          ---
          This certificate attests that **${ACTOR}** successfully completed:
          ## Level 3: Containers and Security
          **Skills developed:**
          - Docker image build
          - Dockerfile lint with Hadolint
          - Vulnerability scan with Trivy (CRITICAL = 0)
          - Vulnerability report as an artifact
          - Publication to GitHub Container Registry (GHCR) gated on the scan
          - Supply-chain best practices
          **Completion date:** $(date)
          **Repository:** ${REPOSITORY}
          **Workflow:** ${RUN_ID}
          ---
          **Badge earned:** Containers and Security
          ---
          *Certificate generated automatically by GitHub Actions*
          *LINUXtips*
          EOF

      - name: "Upload certificate"
        uses: actions/upload-artifact@v4
        with:
          name: level-3-certificate
          path: certificates/
          retention-days: 30
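The annotation on this PR only appears after the file has been pushed and GitHub has tried to parse it. The script below is an added example, not code from the PR or from the course, of an offline structural check that catches the same error classes before a commit: a missing top-level `jobs`, job keys placed at the top level, and a `needs` that points at a job that does not exist. It goes one step beyond the page by also listing actions referenced by a movable tag rather than a commit SHA. It uses only Ruby's standard-library YAML parser; the list of accepted top-level keys is a reduced subset chosen for the demo (an assumption, not the full workflow schema), and the three workflow texts are constructed samples, the first of which mirrors the shape of the file in this PR.

```ruby
# Added example (not code from the PR or the course): an offline structural check for a
# GitHub Actions workflow that catches the error classes GitHub reported on this PR
# (missing `jobs`, job keys at the top level, `needs` pointing at an undefined job) and,
# as a supply-chain extra, actions referenced by a movable tag instead of a commit SHA.
require 'yaml'

# YAML 1.1 parsers (Ruby's Psych, PyYAML) read the bare key `on` as the boolean true,
# so the trigger key must be accepted under both spellings. Reduced key list (assumption).
TOP_LEVEL_KEYS = (%w[name run-name on permissions env defaults concurrency jobs] + [true]).freeze

def parse_workflow(yaml_text)
  YAML.safe_load(yaml_text) || {}
end

# Structural errors, worded like GitHub's own "Invalid workflow file" messages.
def workflow_errors(yaml_text)
  doc = parse_workflow(yaml_text)
  errors = []
  errors << 'Required property is missing: on' unless doc.key?('on') || doc.key?(true)
  jobs = doc['jobs']
  errors << 'Required property is missing: jobs' unless jobs.is_a?(Hash) && !jobs.empty?
  (doc.keys - TOP_LEVEL_KEYS).each { |key| errors << "Unexpected value '#{key}'" }
  return errors unless jobs.is_a?(Hash)

  jobs.each do |job_id, job|
    next unless job.is_a?(Hash) && !job.key?('uses') # skip malformed and reusable-workflow jobs

    errors << "Job '#{job_id}' is missing 'runs-on'" unless job.key?('runs-on')
    steps = job['steps']
    errors << "Job '#{job_id}' is missing 'steps'" unless steps.is_a?(Array) && !steps.empty?
    Array(job['needs']).each do |dep|
      errors << "Job '#{job_id}' needs unknown job '#{dep}'" unless jobs.key?(dep)
    end
    Array(steps).each_with_index do |step, i|
      next unless step.is_a?(Hash)
      one_of = step.key?('uses') ^ step.key?('run')
      errors << "Job '#{job_id}' step #{i + 1} needs exactly one of 'uses' or 'run'" unless one_of
    end
  end
  errors
end

# Actions referenced by a branch or tag. A tag can be moved to other code after the
# fact; a 40-hex commit SHA cannot, which is why SHA pinning is the safe form.
def unpinned_actions(yaml_text)
  jobs = parse_workflow(yaml_text)['jobs']
  return [] unless jobs.is_a?(Hash)

  jobs.values.flat_map do |job|
    next [] unless job.is_a?(Hash)

    Array(job['steps']).filter_map do |step|
      uses = step.is_a?(Hash) ? step['uses'] : nil
      next nil unless uses.is_a?(String) && !uses.start_with?('./', 'docker://')
      ref = uses.split('@', 2)[1].to_s
      uses unless ref.match?(/\A[0-9a-f]{40}\z/)
    end
  end
end

# Constructed sample mirroring this PR's file: job keys at the top level and no `jobs`.
BROKEN_WORKFLOW = <<~YAML
  name: "Level 3: Containers and Security"
  on:
    pull_request:
      types: [closed]
  if: github.event.pull_request.merged == true
  runs-on: ubuntu-latest
  steps:
    - name: Log in to GHCR
      uses: docker/login-action@v3
  generate-certificate:
    needs: build-scan-and-push
    runs-on: ubuntu-latest
    steps:
      - run: echo certificate
YAML

# Constructed sample of the corrected shape: the same steps under named jobs.
FIXED_WORKFLOW = <<~YAML
  on: push
  jobs:
    build-scan-and-push:
      runs-on: ubuntu-latest
      steps:
        - uses: actions/checkout@v3
        - uses: docker/login-action@v3
    generate-certificate:
      needs: build-scan-and-push
      runs-on: ubuntu-latest
      steps:
        - run: echo certificate
YAML

# Constructed sample where `needs` points at a job that was never defined (flow-style YAML).
ORPHAN_NEEDS_WORKFLOW =
  "on: push\njobs: {generate-certificate: {needs: build-scan-and-push, runs-on: ubuntu-latest, steps: [{run: echo done}]}}"
```

Run it against a real file with `workflow_errors(File.read('.github/workflows/03-build-containers.yml'))`; on the broken sample it reports the missing `jobs` and the four stray top-level keys, on the corrected sample it reports nothing but lists both tag-pinned actions, and on the third sample it flags the dangling `needs`.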