Docker container volume does not get mounted in GitHub Actions - github

The following is my actions file.
name: ZAP
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image: owasp/zap2docker-stable
      options: --user root
      volumes:
        - /__w/actions-test-repo/actions-test-repo:/zap/wrk/
    steps:
      - uses: actions/checkout@v1
      - name: view file
        run: pwd
      - name: run zap
        if: always()
        run: zap-baseline.py -t https://www.example.com -g gen.conf -r testreport.html
      - name: view file
        if: always()
        run: pwd
I want to bind the directory /zap/wrk/ to a local directory. But when the container starts it does not mount this volume. I got the present working directory and mounted it to the docker container. Is this the correct way to do it?
Results link: https://github.com/sshniro/actions-test-repo/commit/08c0257d92b772a1d33c0b68cb8af99afdef9130/checks?check_suite_id=324032091

Similar issues have been identified in this forum as well.
https://github.community/t5/GitHub-Actions/Container-volumes-key-not-mounting-volume/td-p/34798
The workaround is to use the options parameter.
name: ZAP
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image: owasp/zap2docker-stable
      options: -v /__w/actions-test-repo/actions-test-repo:/zap/wrk/:rw
    steps:
      - uses: actions/checkout@v2
      - name: run zap
        if: always()
        run: zap-baseline.py -t https://www.example.com -g gen.conf -w testreport.md

Related

Github Actions - Invalid workflow file

I am trying to build CI/CD pipelines using GitHub Actions but unfortunately, I am stuck with an error with the yaml file.
Here is my YAML file:
---
name: Build and push python code to gcp with github actions
on:
push:
branches:
- main
jobs:
build_push_grc:
name: Build and push to gcr
runs_on: unbuntu-latest
env:
IMAGE_NAME: learning_cicd
PROJECT_ID: personal-370316
steps:
- name: Checkoutstep
uses: actions/checkout@v2
- uses: google-github-actions/setup-gcloud@master
with:
service_account_key: ${{ secrets.SERVICE_ACCOUNT_KEY}}
project_id: ${{ env.PROJECT_ID }}
export_default_credentials: true
- name: Build Docker Image
run: docker build -t $IMAGE_NAME:latest .
- name: Configure Docker Client
run: |-
gcloud auth configure-docker --quiet
- name: Push Docker Image to Container Registry (GCR)
env:
GIT_TAG: v0.1.0
run: |-
docker tag $IMAGE_NAME:latest gcr.io/$PROJECT_ID/$IMAGE_NAME:latest
docker tag $IMAGE_NAME:latest gcr.io/$PROJECT_ID/$IMAGE_NAME:$GIT_TAG
docker push gcr.io/$PROJECT_ID/$IMAGE_NAME:latest
docker push gcr.io/$PROJECT_ID/$IMAGE_NAME:$GIT_TAG
Here is the error I am stuck with:
GitHub Actions
/ .github/workflows/gcp.yaml
Invalid workflow file
You have an error in your yaml syntax on line 15
I tried all possible indentations available on the internet but had no luck. I tried Yamllinter but still could not find where the error comes from. Please point me to where I am going wrong.
Thanks.
The runs-on (not runs_on) should have two spaces indentation relative to the job identifier. Also, the OS should be ubuntu-latest.
Then, env should have the same indentation as runs-on or name, the same as steps.
Here is the correct WF:
---
name: Build and push python code to gcp with github actions
on:
  push:
    branches:
      - main
jobs:
  build_push_grc:
    name: Build and push to gcr
    runs-on: ubuntu-latest
    env:
      IMAGE_NAME: learning_cicd
      PROJECT_ID: personal-370316
    steps:
      - name: Checkoutstep
        uses: actions/checkout@v2
      - uses: google-github-actions/setup-gcloud@master
        with:
          service_account_key: ${{ secrets.SERVICE_ACCOUNT_KEY}}
          project_id: ${{ env.PROJECT_ID }}
          export_default_credentials: true
      - name: Build Docker Image
        run: docker build -t $IMAGE_NAME:latest .
      - name: Configure Docker Client
        run: |-
          gcloud auth configure-docker --quiet
      - name: Push Docker Image to Container Registry (GCR)
        env:
          GIT_TAG: v0.1.0
        run: |-
          docker tag $IMAGE_NAME:latest gcr.io/$PROJECT_ID/$IMAGE_NAME:latest
          docker tag $IMAGE_NAME:latest gcr.io/$PROJECT_ID/$IMAGE_NAME:$GIT_TAG
          docker push gcr.io/$PROJECT_ID/$IMAGE_NAME:latest
          docker push gcr.io/$PROJECT_ID/$IMAGE_NAME:$GIT_TAG
I would recommend debugging such issues in the GitHub file edit form (editing the yml file in the .github/workflows directory). It will highlight all the issues regarding the workflow syntax. Demo.

Github action pointing to a different directory than the current directory

When running an action during a pull request the path emitted by mkdir while trying to create a folder was different than the current directory set by a previous step. This also continues to the next steps as follows..
name: Publish demo
on:
  push:
    branches:
      - 'develop'
  pull_request:
    branches:
      - 'develop'
jobs:
  web-deploy:
    name: Deploy
    runs-on: windows-latest
    steps:
      - name: Get latest code
        uses: actions/checkout@v3
      - name: Setup MSBuild
        uses: microsoft/setup-msbuild@v1
      - name: Setup NuGet
        uses: NuGet/setup-nuget@v1.1.1
      - name: Navigate to Workspace
        run: cd ${{ github.workspace }}/demo_project
      - name: Create Build Directory
        run: mkdir _build
      - name: Restore Packages
        run: nuget restore demo_project.csproj
      - name: Build Solution
        run: |
          msbuild.exe demo_project.csproj /nologo /nr:false /p:DeployOnBuild=true /p:DeployDefaultTarget=WebPublish /p:WebPublishMethod=FileSystem /p:DeleteExistingFiles=True /p:platform="Any CPU" /p:configuration="Release" /p:PublishUrl="_build"
      - name: Sync files
        uses: SamKirkland/FTP-Deploy-Action@4.3.3
        with:
          local-dir: "_build"
          server: <server>
          username: <username>
          password: ${{ secrets.password }}
So, in this line..
run: mkdir _build
the _build folder should be created in demo_project but instead it gets created in ${{ github.workspace }} which I think means that setting the current directory here..
run: cd ${{ github.workspace }}/demo_project
which in turn prints out this in job view..
Run cd D:\a\demo_solution\demo_solution/demo_project
and..
Input file does not exist: D:\demo_project.csproj.
did not take effect. So, what am I missing?
You could specify a different working directory for a job:
You can provide default shell and working-directory options for all run steps in a job
jobs:
  web-deploy:
    name: Deploy
    runs-on: windows-latest
    defaults:
      run:
        shell: bash
        working-directory: ${{ github.workspace }}/demo_project
    steps:
      - name: Get latest code
        uses: actions/checkout@v3

How to cache npm dependencies in GitHub action?

Below is my dockerfile. Is there a way to cache npm in GitHub action?
FROM node
WORKDIR /app
ADD package*.json ./
RUN npm ci
ENV PATH /app/node_modules/.bin:$PATH
My GitHub actions:
name: NPM buid
on:
  push:
    branches:
      - main
jobs:
  build-npm-image:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Build and Tag Node image
        id: build-ui-image
        run: |
          export DOCKER_BUILDKIT=1
          docker build -t ui -f ./ui/Dockerfile .
P.S. I don't want to cache the Docker image. The above Dockerfile is used just as an example. The objective is to cache npm dependencies.
This can be achieved with actions/setup-node@v3
steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-node@v3
    with:
      node-version: current
      cache: npm
  - name: Build and Tag Node image
    id: build-ui-image
    run: |
      export DOCKER_BUILDKIT=1
      docker build -t ui -f ./ui/Dockerfile .
Did you check the action below?
actions/cache@v2
So your Actions yaml would look like below,
name: NPM buid
on:
  push:
    branches:
      - main
jobs:
  build-npm-image:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-node@v2
        with:
          node-version: '14'
      - name: Caching node modules
        uses: actions/cache@v2
        with:
          path: "app/node_modules"
          key: node-modules-${{ hashFiles('app/package.json') }}
      - name: Build and Tag Node image
        id: build-ui-image
        run: |
          export DOCKER_BUILDKIT=1
          docker build -t ui -f ./ui/Dockerfile .
Caching npm dependencies will not make a difference if you're building a docker image. You can use actions/setup-node for caching JS or docker/build-push-action for Docker.

Automatically setting the release tag on a GitHub workflow

I am trying to build an action that is triggered on creating a new release on GitHub which works fine, but I would like to reference the tag in my action:
name: Build production container
on:
  release:
    types:
      - created
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Build the Docker image
        run: |
          echo "${{ SECRET }}" | docker login -u ME --password-stdin docker.pkg.github.com
          docker build app/ -t docker.pkg.github.com/REPO_PATH/image:$VERSION
          docker push docker.pkg.github.com/REPO_PATH/image:$VERSION
        shell: bash
        env:
          VERSION: 0.0.1
This is my working action, but I would like to automatically pull the tag into the VERSION environment variable. I read the documentation, especially here where the GitHub context is referenced, but I can't seem to find anything about it.
It took me a while to figure out that the action has a different context for each method documented here. So the parameter I was looking for is the and I've set my action up after this example:
name: Build production container
on:
  release:
    types:
      - created
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Get Tag Name
        id: tag_name
        run: |
          echo ::set-output name=SOURCE_TAG::${GITHUB_REF#refs/tags/}
      - name: Build the Docker image
        run: |
          echo "${{ SECRET }}" | docker login -u ME --password-stdin docker.pkg.github.com
          docker build app/ -t docker.pkg.github.com/REPO_PATH/image:$VERSION
          docker push docker.pkg.github.com/REPO_PATH/image:$VERSION
        shell: bash
        env:
          VERSION: ${{ steps.tag_name.outputs.SOURCE_TAG }}
This basically adds getting the source parameter as an extra step, this way I can use it in the environment variables of the next step.
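As an added example (not part of the original answer): the same `${GITHUB_REF#refs/tags/}` expansion, wrapped in a check that the ref really is a tag and that the name fits Docker's tag grammar before it reaches `docker build -t`. The function names `tag_from_ref` and `emit_source_tag` are hypothetical, and the output is written to the file named by `GITHUB_OUTPUT`, the current replacement for `::set-output`.

```shell
#!/bin/sh
# Added example: derive the image tag from GITHUB_REF and validate it before use.
LC_ALL=C; export LC_ALL   # keep the [A-Za-z...] ranges below ASCII-only

# Print the tag for a refs/tags/* ref. Fail for any other ref, or for a name
# outside Docker's tag grammar: [A-Za-z0-9_][A-Za-z0-9_.-]{0,127}
tag_from_ref() {
    ref=$1
    case $ref in
        refs/tags/*) tag=${ref#refs/tags/} ;;   # same expansion as the workflow step
        *) echo "not a tag ref: $ref" >&2; return 1 ;;
    esac
    case $tag in
        ''|[.-]*|*[!A-Za-z0-9_.-]*)
            echo "unusable tag name: $tag" >&2; return 1 ;;
    esac
    [ "${#tag}" -le 128 ] || { echo "tag too long" >&2; return 1; }
    printf '%s\n' "$tag"
}

# Append SOURCE_TAG=<tag> to the step output file ($2, normally "$GITHUB_OUTPUT").
emit_source_tag() {
    tag=$(tag_from_ref "$1") || return 1
    printf 'SOURCE_TAG=%s\n' "$tag" >> "$2"
}

# Constructed sample refs, not taken from the page.
for r in refs/tags/v0.1.0 'refs/tags/v1;id' refs/tags/release/1.0 refs/heads/main; do
    if t=$(tag_from_ref "$r" 2>/dev/null); then
        echo "$r -> $t"
    else
        echo "$r -> rejected"
    fi
done
```

In the `tag_name` step this would be called as `emit_source_tag "$GITHUB_REF" "$GITHUB_OUTPUT"`; a release whose tag fails the check stops the job before the image is built.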

How to set the docker user in Github Actions

The following is my yml file for Github Actions. I want to set the user of the docker to root for the following via the docker options (--user root) . How can I do this via Github Actions?
name: CI
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: run zap
        uses: docker://sshniro/zap_action
        with:
          args: zap-baseline.py -t https://www.example.com
Thanks in Advance.
I don't think you can pass docker container arguments when using uses:, but you can set them with job containers.
Try this workflow:
name: ZAP
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image: owasp/zap2docker-stable
      options: --user root
    steps:
      - uses: actions/checkout@v2
      - name: run zap
        run: zap-baseline.py -t https://www.example.com
You can find the documentation for the job.<job_id>.container syntax here.