Bump dominate from 2.6.0 to 2.9.1 #682
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| name: GKE - Build, Scan and Deploy | |
| jobs: | |
| deploy: | |
| name: GKE - Build, Scan and Deploy | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Google authentication | |
| uses: 'google-github-actions/auth@v0' | |
| with: | |
| credentials_json: ${{ secrets.GKE_SA_KEY }} | |
| - name: 'Set up Google Cloud SDK' | |
| uses: 'google-github-actions/setup-gcloud@v0' | |
| with: | |
| project_id: ${{ secrets.GKE_PROJECT }} | |
| - name: Get docker GCR credentials | |
| run: |- | |
| gcloud --quiet auth configure-docker gcr.io | |
| # Get the GKE credentials so we can deploy to the cluster | |
| - name : Get GKE credentials | |
| uses: google-github-actions/get-gke-credentials@v0 | |
| with: | |
| cluster_name: ${{ secrets.GKE_CLUSTER }} | |
| location: ${{ secrets.GKE_ZONE }} | |
| # - name: Run Bridgecrew | |
| # id: Bridgecrew | |
| # uses: bridgecrewio/bridgecrew-action@master | |
| # env: | |
| # PRISMA_API_URL: https://api2.prismacloud.io | |
| # with: | |
| # api-key: ${{ secrets.BC_API_KEY }} | |
| # soft_fail: false | |
| # - name: Expose report | |
| # uses: actions/upload-artifact@v2 | |
| # with: | |
| # name: SARIF results | |
| # path: results.sarif | |
| # Build the Docker image | |
| - name: Build | |
| run: |- | |
| docker build --tag "gcr.io/${{ secrets.GKE_PROJECT }}/${{ secrets.IMAGE }}:${{ github.sha }}" . | |
| - name: Prisma Cloud image scan | |
| id: scan | |
| uses: PaloAltoNetworks/prisma-cloud-scan@v1 | |
| with: | |
| pcc_console_url: ${{ secrets.PCC_CONSOLE_URL }} | |
| pcc_user: ${{ secrets.PCC_USER }} | |
| pcc_pass: ${{ secrets.PCC_PASS }} | |
| image_name: gcr.io/${{ secrets.GKE_PROJECT }}/${{ secrets.IMAGE }}:${{ github.sha }} | |
| project: "GKE Demo" | |
| # Push the Docker image to Google Container Registry | |
| - name: Publish | |
| run: |- | |
| docker push "gcr.io/${{ secrets.GKE_PROJECT }}/${{ secrets.IMAGE }}:${{ github.sha }}" | |
| - name: Update deploy image to GKE | |
| run: |- | |
| kustomize create --resources gke-deployment.yml | |
| kustomize edit set image "demo-image-name=gcr.io/${{ secrets.GKE_PROJECT }}/${{ secrets.IMAGE }}:${{ github.sha }}" | |
| cat kustomization.yaml | |
| kustomize build . | kubectl apply -f - | |
| kubectl get pods -o wide | |