search

alexjurkiewicz / ecr-scan-image

Github Action to run AWS ECR vulnerability scan on Docker image
MIT License
28 stars 23 forks source link

Add proxy support #12

Closed donovanmuller closed 3 years ago

donovanmuller commented 3 years ago

Add global proxy configuration via proxy-agent as per https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/node-configuring-proxies.html

This allows the proxy URL to be specified via environment variables such as:

      - name: Scan Docker image
        id: docker-scan
        uses: donovanmuller/ecr-scan-image@proxy-support
        env:
          https_proxy: http://proxy.com:3128
        with:
          repository: myorg/myimage
          tag: v1.2.3
          fail_threshold: high

Note: This only adds proxy support for consuming the ECR API and not for the Docker action build. Currently (as far as I'm aware) there is no elegant way to support optional proxy support via Docker build args or other means, without being intrusive. See https://github.community/t/feature-request-build-args-support-in-docker-container-actions/16846 for a discussion around the current limitation.

Alternatively, would the author consider hosting a built version of the image on Docker Hub or other public repository? This would negate the need to build an image on workflow run and therefore get around the Docker build proxy requirement.

Resolves #11

donovanmuller commented 3 years ago

@alexjurkiewicz I'm admittedly not an expert level JS developer (use it when I have too), so you're welcome to update the code to modernise 👍

alexjurkiewicz commented 3 years ago

@pzi WDYT?

alexjurkiewicz commented 3 years ago

Thank you! Release as v1.6.0.

pzi commented 3 years ago

Looking at this again with fresh eyes, only thing we were missing is a mention of it in the README (example) 😬