Add terrascan_atlantis container build and push in release workflow

tenable · May 5, 2021 · 3a654af · 3a654af
1 parent 73c0b3e
commit 3a654af
Show file tree

Hide file tree

Showing 6 changed files with 75 additions and 0 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -31,8 +31,14 @@ jobs:
     - name: Build Terrascan docker image
       run: make docker-build
 
+    - name: Build terrascan_atlantis docker image
+      run: make atlantis-docker-build
+
     - name: Login to docker hub
       run: echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u accurics --password-stdin
 
     - name: Push Terrascan latest tag docker image
       run: make docker-push-latest-tag
+
+    - name: Push terrascan_atlantis latest tag docker image
+      run: make atlantis-docker-push-latest-tag
diff --git a/Makefile b/Makefile
@@ -19,6 +19,10 @@ help:
 	@echo "docker-push\n\tpush terrascan docker image"
 	@echo "docker-push-latest\n\tpush terrascan docker image with latest tag"
 	@echo "docker-push-latest-tag\n\tpush terrascan docker image with latest release tag"
+	@echo "docker-atlantis-build\n\tbuild terrascan_atlantis docker image"
+	@echo "docker-atlantis-push\n\tpush terrascan_atlantis docker image"
+	@echo "docker-atlantis-push-latest\n\tpush terrascan_atlantis docker image with latest tag"
+	@echo "docker-atlantis-push-latest-tag\n\tpush terrascan_atlantis docker image with latest release tag"
 	@echo "gofmt\n\tvalidate gofmt"
 	@echo "golint\n\tvalidate golint"
 	@echo "gomodverify\n\tverify go modules"
@@ -104,3 +108,19 @@ docker-push-latest:
 # push release tag terrascan docker image
 docker-push-latest-tag:
 	./scripts/docker-push-latest-tag.sh
+
+# build terrascan_atlantis docker image
+atlantis-docker-build:
+	./scripts/atlantis/docker-build.sh
+
+# push terrascan_atlantis docker image
+atlantis-docker-push:
+	./scripts/atlantis/docker-push.sh
+
+# push latest terrascan_atlantis docker image
+atlantis-docker-push-latest:
+	./scripts/atlantis/docker-push-latest.sh
+
+# push release tag terrascan_atlantis docker image
+atlantis-docker-push-latest-tag:
+	./scripts/atlantis/docker-push-latest-tag.sh
diff --git a/scripts/atlantis/docker-build.sh b/scripts/atlantis/docker-build.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+GIT_COMMIT=$(git rev-parse --short HEAD 2>/dev/null)
+DOCKER_REPO="accurics/terrascan_atlantis"
+DIR="./atlantis"
+
+docker build -t ${DOCKER_REPO}:${GIT_COMMIT} ${DIR}
diff --git a/scripts/atlantis/docker-push-latest-tag.sh b/scripts/atlantis/docker-push-latest-tag.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+GIT_COMMIT=$(git rev-parse --short HEAD 2>/dev/null)
+DOCKER_REPO="accurics/terrascan_atlantis"
+LATEST_TAG=$(git describe --abbrev=0 --tags)
+LATEST_TAG_SHORT=$(echo "${LATEST_TAG//v}")
+
+# PS: It is a prerequisite to execute 'docker login' before running this script
+docker tag ${DOCKER_REPO}:${GIT_COMMIT} ${DOCKER_REPO}:${LATEST_TAG_SHORT}
+docker push ${DOCKER_REPO}:${LATEST_TAG_SHORT}
diff --git a/scripts/atlantis/docker-push-latest.sh b/scripts/atlantis/docker-push-latest.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+GIT_COMMIT=$(git rev-parse --short HEAD 2>/dev/null)
+DOCKER_REPO="accurics/terrascan_atlantis"
+LATEST_TAG="latest"
+
+# PS: It is a prerequisite to execute 'docker login' before running this script
+docker tag ${DOCKER_REPO}:${GIT_COMMIT} ${DOCKER_REPO}:${LATEST_TAG}
+docker push ${DOCKER_REPO}:${LATEST_TAG}
diff --git a/scripts/atlantis/docker-push.sh b/scripts/atlantis/docker-push.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+GIT_COMMIT=$(git rev-parse --short HEAD 2>/dev/null)
+DOCKER_REPO="accurics/terrascan_atlantis"
+
+# PS: It is a prerequisite to execute 'docker login' before running this script
+docker push ${DOCKER_REPO}:${GIT_COMMIT}