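# CodeBuild buildspec: build a Docker image, scan it with Trivy, and push it
# to Amazon ECR only when the scan passes.
#
# Buildspec version 0.2 runs every command of the build in one shell session,
# so the variables assigned in pre_build (AWS_ACCOUNT_ID, ECR_REGISTRY,
# REPOSITORY_URI, IMAGE_TAG) are still set in the build and post_build phases.
#
# Expected project environment variables:
#   AWS_DEFAULT_REGION  - region of the ECR registry
#   IMAGE_REPO_NAME     - ECR repository name
#   TERRAFORM_ENV       - only echoed here for log context
version: 0.2
phases:
  install:
    commands:
      # Print the identity the build runs as; handy when a later ECR call
      # fails with an access-denied error.
      - aws sts get-caller-identity --output table
      - echo ----------------------------------------------
      - echo Running for environment $TERRAFORM_ENV
  pre_build:
    commands:
      - echo Install Trivy...
      # Pinned Trivy release installed straight from the network. rpm does not
      # verify the package unless the publisher's GPG key has been imported
      # first (rpm --import), so this fetch is trusted on TLS alone; consider
      # importing the key or checking a published checksum before installing.
      - rpm -ivh https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-64bit.rpm
      # Registry and repository addresses are derived from the caller's account
      # so the same buildspec works in every account/environment.
      - AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text)
      - ECR_REGISTRY=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com
      - REPOSITORY_URI=${ECR_REGISTRY}/${IMAGE_REPO_NAME}
      - echo Logging in to Amazon ECR...
      # `aws ecr get-login` is deprecated and absent from AWS CLI v2, and the
      # `$(...)` form it was used in expanded the password onto the command
      # line. get-login-password piped over stdin keeps the token out of the
      # command line and the build log (requires AWS CLI v2 or v1 >= 1.17.10).
      - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $ECR_REGISTRY
      # Tag images with the short commit SHA; fall back to "latest" when
      # CodeBuild does not resolve a source version (empty COMMIT_HASH).
      - COMMIT_HASH=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)
      - IMAGE_TAG=${COMMIT_HASH:=latest}
  build:
    commands:
      - echo Build started on `date`
      - echo Building the Docker image...
      - docker build -t $REPOSITORY_URI:latest .
      - docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG
  post_build:
    commands:
      - echo Build completed on `date`
      - echo Scanning for CVEs...
      # The scan gates the push: --exit-code 1 on any HIGH/CRITICAL finding
      # fails this command, and CodeBuild stops the phase before the push
      # commands below run. CodeBuild executes post_build even after a failed
      # build phase; the scan then fails on the missing image, so nothing is
      # pushed in that case either.
      - trivy --no-progress --exit-code 1 --severity HIGH,CRITICAL $REPOSITORY_URI:latest
      - echo Pushing the Docker image...
      - docker push $REPOSITORY_URI:latest
      - docker push $REPOSITORY_URI:$IMAGE_TAG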