Add SNYK scan to build image

DFE-Digital · Jan 21, 2025 · d07cb35 · d07cb35
1 parent 9dc29c3
commit d07cb35
Showing 1 changed file with 17 additions and 19 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -2,8 +2,8 @@ name: Deploy to AKS production cluster
 
 on:
   push:
-    branches:
-    - main
+  #  branches:
+  #  - main
   schedule: # 06:00 UTC Mon-Fri
     - cron: '0 6 * * 1-5'
   workflow_dispatch:
@@ -26,32 +26,29 @@ jobs:
 
     - run: bundle exec middleman build
 
-    - name: Login to GitHub Container Registry
-      uses: docker/login-action@v2
-      with:
-        registry: ghcr.io
-        username: ${{ github.repository_owner }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Build Docker Image
-      uses: docker/build-push-action@v3
+    - name: Build and push docker image
+      id: build-image
+      uses: DFE-Digital/github-actions/build-docker-image@master
       with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
         context: .
-        tags: |
-          ${{env.DOCKER_IMAGE}}:${{ github.sha }}
-          ${{env.DOCKER_IMAGE}}:latest
-        push: true
+        max-cache: true
+        reuse-cache: true
+        snyk-token: ${{ secrets.SNYK_TOKEN }}
 
     - uses: azure/login@v1
+      if: github.ref == 'refs/heads/main'
       with:
         creds: ${{ secrets.AZURE_CREDENTIALS }}
 
     - name: Set up kubelogin for non-interactive login
       uses: azure/use-kubelogin@v1
+      if: github.ref == 'refs/heads/main'
       with:
         kubelogin-version: 'v0.0.34'
 
     - uses: azure/aks-set-context@v3
+      if: github.ref == 'refs/heads/main'
       with:
         resource-group: s189p01-tsc-pd-rg
         cluster-name: s189p01-tsc-production-aks
@@ -60,10 +57,11 @@ jobs:
 
     - name: Deploy to AKS
       uses: Azure/k8s-deploy@v4
+      if: github.ref == 'refs/heads/main'
       with:
         namespace: bat-production
         manifests: |
-            manifests
-        images: ${{env.DOCKER_IMAGE}}:${{ github.sha }}
-        annotate-namespace: false
-        pull-images: false
+           manifests
+       images: ${{env.DOCKER_IMAGE}}:${{ github.sha }}
+       annotate-namespace: false
+       pull-images: false