Build Block
To make DuckDefender stop a build from proceeding, add a .fd.config.yaml file to the root directory of the repository.
To block the build on secrets and SAST findings, list the severity levels that should fail the build (critical, high, medium, low) under fail-build-on in the .fd.config.yaml file. The example below fails the build only on critical secret findings.
.fd.config.yaml
fail-build-on:
  secrets:
    - critical
Make sure the docker run command includes the -e EXIT_ON_ERROR=true variable; without it the scanner reports findings but does not block the build.
For GitHub Actions, ensure the DuckDefender.yml workflow file passes -e EXIT_ON_ERROR=true to the container so that the job fails when any blocking issue is found.
DuckDefender.yml
env:
  docker_tag: flyingduckio/duckdefender:latest
name: DuckDefender
on:
  push:
    branches: [ "master", "main", "release", "develop" ]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Download latest DuckDefender
        run: docker pull "${{env.docker_tag}}"
      - name: Run DuckDefender
        run: |
          docker run \
            -e EXIT_ON_ERROR=true \
            -e GITHUB_REPOSITORY_OWNER="${{github.repository_owner}}" \
            -e GITHUB_REPOSITORY_OWNER_ID="${{github.repository_owner_id}}" \
            -e GITHUB_REPOSITORY="${{github.repository}}" \
            -e GITHUB_REPOSITORY_ID="${{github.repository_id}}" \
            -e GITHUB_EVENT_NAME="${{github.event_name}}" \
            -e GITHUB_ACTOR="${{github.actor}}" \
            -e GITHUB_ACTOR_ID="${{github.actor_id}}" \
            -e FD_API_KEY="${{secrets.FD_API_KEY}}" \
            -e GITHUB_TOKEN="${{github.token}}" \
            -e GITHUB_HEAD_REF="${{github.head_ref}}" \
            -e GITHUB_BASE_REF="${{github.base_ref}}" \
            -e GITHUB_REF="${{github.ref}}" \
            -e GITHUB_SHA="${{github.sha}}" \
            -e WORKSPACE_PATH="/src" \
            -v "${{ github.workspace }}":/src \
            --entrypoint /bin/sh "${{env.docker_tag}}" -c "duckdefender code --all"
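The two conditions above (a severity listed under fail-build-on for the scanner that produced the finding, and EXIT_ON_ERROR=true) decide whether the job fails. The following Python is an added illustration of that gate, not DuckDefender's own code; it assumes the parsed config is a dict shaped like .fd.config.yaml and that findings carry a scanner name ("secrets" or "sast") and a severity, and it rejects misspelled severity names so a typo cannot silently disable the gate.

```python
"""Build-gate logic modelled on the fail-build-on block of .fd.config.yaml.

Added illustration (not DuckDefender's own code). Assumes each finding is a
dict with "scanner" ("secrets" or "sast") and "severity" keys.
"""
from typing import Any

SEVERITIES = ("critical", "high", "medium", "low")


def validate_config(config: dict[str, Any]) -> dict[str, set[str]]:
    """Return {scanner: {severities}} from the parsed fail-build-on block.

    Unknown severity names raise so a typo like "crtical" fails loudly
    instead of quietly turning the gate off.
    """
    gates: dict[str, set[str]] = {}
    for scanner, levels in (config.get("fail-build-on") or {}).items():
        if not isinstance(levels, list):
            raise ValueError(f"{scanner}: expected a list of severities")
        unknown = [lvl for lvl in levels if lvl not in SEVERITIES]
        if unknown:
            raise ValueError(f"{scanner}: unknown severity {unknown}")
        gates[scanner] = set(levels)
    return gates


def should_fail_build(config, findings, exit_on_error: bool):
    """Return (fail, blocking_findings).

    A finding blocks only if its severity is listed for its scanner; the
    build is failed only when EXIT_ON_ERROR=true was also set, mirroring
    the docker run flag in the workflow.
    """
    gates = validate_config(config)
    blocking = [f for f in findings
                if f["severity"] in gates.get(f["scanner"], set())]
    return (exit_on_error and bool(blocking)), blocking


# Constructed sample: the page's config plus a sast gate, and fake findings.
SAMPLE_CONFIG = {"fail-build-on": {"secrets": ["critical"],
                                   "sast": ["critical", "high"]}}
SAMPLE_FINDINGS = [
    {"scanner": "secrets", "severity": "critical", "title": "cloud key in .env"},
    {"scanner": "secrets", "severity": "low", "title": "generic token pattern"},
    {"scanner": "sast", "severity": "medium", "title": "weak hash algorithm"},
]

if __name__ == "__main__":
    fail, hits = should_fail_build(SAMPLE_CONFIG, SAMPLE_FINDINGS, True)
    for f in hits:
        print(f"BLOCKING {f['scanner']}/{f['severity']}: {f['title']}")
    raise SystemExit(1 if fail else 0)  # non-zero exit is what fails the CI job
```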