Build Block
To prevent the build from proceeding, include the .fd.config.yaml file in the root directory.
To block the build based on secrets and SAST issues, define the severity levels (critical, high, medium, low) in the .fd.config.yaml file.
.fd.config.yaml
fail-build-on:
secrets:
- criticalMake sure the Docker run command includes the -e EXIT_ON_ERROR=true variable to block the build if any issues occur.
Ensure that the DuckDefender.yml file contains the -e EXIT_ON_ERROR=true variable to block the build if any issues arise.
DuckDefender.yml
env:
docker_tag: flyingduckio/duckdefender:latest
name: DuckDefender
on:
push:
branches: [ "master", "main", "release", "develop" ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Download latest DuckDefender
run: docker pull "${{env.docker_tag}}"
- name: Run DuckDefender
run: |
docker run \
-e EXIT_ON_ERROR=true \
-e GITHUB_REPOSITORY_OWNER="${{github.repository_owner}}" \
-e GITHUB_REPOSITORY_OWNER_ID="${{github.repository_owner_id}}" \
-e GITHUB_REPOSITORY="${{github.repository}}" \
-e GITHUB_REPOSITORY_ID="${{github.repository_id}}" \
-e GITHUB_EVENT_NAME="${{github.event_name}}" \
-e GITHUB_ACTOR="${{github.actor}}" \
-e GITHUB_ACTOR_ID="${{github.actor_id}}" \
-e FD_API_KEY="${{secrets.FD_API_KEY}}" \
-e GITHUB_TOKEN="${{github.token}}" \
-e GITHUB_HEAD_REF="${{github.head_ref}}" \
-e GITHUB_BASE_REF="${{github.base_ref}}" \
-e GITHUB_REF="${{github.ref}}" \
-e GITHUB_SHA="${{github.sha}}" \
-e WORKSPACE_PATH="/src" \
-v "${{ github.workspace }}":/src \
--entrypoint /bin/sh "${{env.docker_tag}}" -c "duckdefender code --all"