buildspec-container-scan-build.yml
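# AWS CodeBuild buildspec: requests a Trend Micro Smart Check scan of an ECR
# image, then builds the Docker image from the source tree and pushes it to ECR.
#
# NOTE(review): the scan request runs before `docker build`/`docker push` and
# names the tag/digest read from Parameter Store, so it does not necessarily
# cover the image built in this run. The request only submits a scan; nothing
# here waits for or evaluates the result, so the push is not gated on findings.
version: 0.2
env:
  #variables:
  #  key: "value"
  parameter-store:
    # Every value below is resolved from SSM Parameter Store at build start.
    # SmartCheckAuthorization and awsSecretAccessKey are credentials: store them
    # as SecureString parameters and scope the build role to these names only.
    SmartCheckURL: "SmartCheckAPIURL"
    SmartCheckAuthorization: "SmartCheckAuthorization"
    ECR_Registry: "registryDemoPipeline"
    Repository: "repositoryDemoPipeline"
    Imagetag: "ImagetagDemoPipeline"
    ImageDigest: "ImageDigestDemoPipeline"
    awsRegion: "RegionAWS"
    # Long-lived IAM access key handed to Smart Check so it can pull from ECR.
    # NOTE(review): it should carry read-only ECR permissions and be rotated.
    awsAccessKeyID: "AccessKeyIDAWS"
    awsSecretAccessKey: "SecretAccessKeyAWS"
    # Inserted unquoted into the JSON body, so the parameter must hold a JSON
    # boolean (true/false). Presumably controls whether Smart Check verifies the
    # registry's TLS certificate -- confirm, and prefer false.
    insecureSkipVerify: "insecureSkipVerify"
  #secrets-manager:
  #  key: secret-id:json-key:version-stage:version-id
  #  key: secret-id:json-key:version-stage:version-id
  #exported-variables:
  #  - variable
  #  - variable
  #git-credential-helper: yes
#batch:
  #fast-fail: true
  #build-list:
  #build-matrix:
  #build-graph:
phases:
  #install:
    # If you use the Ubuntu standard image 2.0 or later, you must specify runtime versions.
    # If you specify runtime versions and use an image other than the Ubuntu standard
    # image 2.0, the build fails.
    #runtime-versions:
    #  name: version
    #  name: version
    #commands:
    #  - command
    #  - command
  pre_build:
    commands:
      - echo Logging in to Amazon ECR...
      # The registry password is piped on stdin so it never appears in argv.
      - aws ecr get-login-password --region "${awsRegion}" | docker login --username AWS --password-stdin "${ECR_Registry}"
  build:
    commands:
      - echo Container Scan using Trend Micro Smart Check started on `date`
      # Submit the scan request to Smart Check.
      #   --fail      makes an HTTP 4xx/5xx response fail the build instead of
      #               passing silently with an error body on stdout.
      #   --insecure  disables TLS certificate verification on a request that
      #               carries the bearer token and the AWS secret key. Replace it
      #               with --cacert <Smart Check CA bundle> once the CA is
      #               available to the build image.
      # Each ${var} is wrapped as '"${var}"' so the shell expands it inside
      # double quotes (no word splitting or globbing) between the single-quoted
      # JSON fragments. Values are not JSON-escaped, so the parameters must not
      # contain quotes or backslashes.
      # NOTE(review): the token and keys are passed as command-line arguments;
      # reading the header and body from a file or stdin keeps them out of argv.
      # The folded scalar (>-) joins the lines below with single spaces.
      - >-
        curl --fail --location --request POST "${SmartCheckURL}" --insecure
        --header 'Authorization:Bearer '"${SmartCheckAuthorization}"
        --header 'Content-Type:application/json'
        --header 'X-Api-Version:2018-05-01'
        --data-raw '{
        "name":"Scan a Container Image in AWS Elastic Container Registry",
        "source":{
        "type":"docker",
        "registry":"'"${ECR_Registry}"'",
        "repository":"'"${Repository}"'",
        "tag":"'"${Imagetag}"'",
        "digest":"'"${ImageDigest}"'",
        "credentials":{"aws":{
        "region":"'"${awsRegion}"'",
        "accessKeyID":"'"${awsAccessKeyID}"'",
        "secretAccessKey":"'"${awsSecretAccessKey}"'"}},
        "insecureSkipVerify":'"${insecureSkipVerify}"'},
        "context":{"Scan":"Sucesso!"}}'
      - echo Container Build started on `date`
      - echo Building the Docker image...
      - docker build -t "${Repository}" .
      # Only the mutable :latest tag is produced; the Imagetag value is used for
      # the scan request alone.
      - docker tag "${Repository}:latest" "${ECR_Registry}/${Repository}:latest"
  post_build:
    commands:
      - echo Build completed on `date`
      - echo Pushing the Docker image...
      - docker push "${ECR_Registry}/${Repository}:latest"
#reports:
  #report-name-or-arn:
    #files:
    #  - location
    #  - location
    #base-directory: location
    #discard-paths: yes
    #file-format: JunitXml | CucumberJson
#artifacts:
  #files:
  #  - location
  #  - location
  #name: $(date +%Y-%m-%d)
  #discard-paths: yes
  #base-directory: location
#cache:
  #paths:
  #  - paths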