CI - build, test & push #45

	name: CI - build, test & push

	on:
	workflow_dispatch:
	# push:
	# branches: [main]

	env:
	ECR_REPOSITORY: ${{ secrets.AWS_REPO }}
	IMAGE_TAG: ${{ github.event.repository.name }}

	jobs:

	build:
	name: CI pipeline
	runs-on: ubuntu-latest

	steps:
	- name: checkout code
	uses: actions/checkout@v3
	with:
	fetch-depth: 0

	- name: gitleaks scan
	uses: gitleaks/gitleaks-action@v2
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Checkout code
	uses: actions/checkout@v3

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v3
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY}}
	aws-region: eu-west-1

	- name: Login to AWS ECR
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@v2

	- name: Build image
	run: docker build . --file Dockerfile --tag $ECR_REPOSITORY:$IMAGE_TAG

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	scan-type: image
	image-ref: ${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}
	format: 'json'
	output: 'trivy-results.json'

	- name: Push image
	run: docker push $ECR_REPOSITORY:$IMAGE_TAG

Provide feedback