A technical demonstration of building ARM images using Docker and GitHub Actions, and testing them for vulnerabilities using Snyk.
- Install QEMU using docker/setup-qemu-action
- Install and configure buildx using docker/setup-buildx-action
- Build the ARM image using
docker buildxand docker/build-push-action- Check the image for vulnerabilities using snyk/actions/docker
- Push to Docker Hub using docker/github-action
name: Image
on:
push:
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: github/super-linter@v3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# QEMU is used to emulated the ARM architecture, allowing us
# to build not-x86 images
- uses: docker/setup-qemu-action@master
with:
platforms: all
# Buildx provides an easier way of building Docker images for other architectures
- uses: docker/setup-buildx-action@master
- name: Build image
run: |
docker buildx build --platform=linux/arm64 --load -t temporary .
- name: Run Snyk to check Docker image for vulnerabilities
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: monitor
image: temporary
args: --file=Dockerfile --platform=linux/arm64 --project-name=docker.io/garethr/snykum
- uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
# Use the build cache and push the imagee
- name: Push image to Docker Hub
run: |
docker buildx build --platform=linux/arm64 --push -t garethr/snykum .