Build Block

To have DuckDefender stop a build from proceeding, add a .fd.config.yaml file to the root directory of the repository.
To block the build on secrets and SAST findings, list under fail-build-on the severity levels (critical, high, medium, low) that should cause a failure; findings at a level that is not listed are reported but do not block the build.

.fd.config.yaml
fail-build-on:
  secrets:
    - critical
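The gating rule above (a finding blocks the build only when its severity is listed for its category, and the block itself is just a non-zero exit that EXIT_ON_ERROR=true surfaces to the CI step) can be illustrated with the following added example. It is not DuckDefender's own code: the parser handles only the two-level fail-build-on shape shown on this page, the findings and the second category name "sast" are constructed sample data, and the exact-match interpretation of the severity list is an assumption.

```python
"""Illustration of severity gating in the style of .fd.config.yaml.

Added example, not DuckDefender's implementation: combines a fail-build-on
policy with a list of findings and derives the exit status that
EXIT_ON_ERROR=true turns into a blocked build.
"""
import sys

# Constructed sample config, same shape as the .fd.config.yaml on the page.
SAMPLE_CONFIG = """\
fail-build-on:
  secrets:
    - critical
    - high
"""

SEVERITIES = ("critical", "high", "medium", "low")


def parse_fail_build_on(text):
    """Parse the small YAML subset used by fail-build-on.

    Assumption: one top-level key, one level of categories, each holding a
    list of severities. Written without PyYAML so the example runs offline.
    """
    policy = {}
    in_block = False
    category = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        stripped = line.strip()
        if indent == 0:
            # Only the fail-build-on block is relevant; other keys are skipped.
            in_block = stripped == "fail-build-on:"
            category = None
            continue
        if not in_block:
            continue
        if stripped.startswith("- "):
            if category is None:
                raise ValueError("severity listed outside a category: %r" % line)
            sev = stripped[2:].strip().lower()
            if sev not in SEVERITIES:
                raise ValueError("unknown severity %r" % sev)
            policy[category].add(sev)
        elif stripped.endswith(":"):
            category = stripped[:-1].strip()
            policy.setdefault(category, set())
        else:
            raise ValueError("unexpected line: %r" % line)
    return policy


def should_fail_build(policy, findings):
    """Return the findings that violate the policy.

    A finding is a (category, severity) pair. Assumption: a severity blocks
    only when it is listed for that category; categories with no policy
    entry never block.
    """
    blocking = []
    for category, severity in findings:
        if severity.lower() in policy.get(category, set()):
            blocking.append((category, severity))
    return blocking


def exit_code_for(policy, findings):
    """Non-zero exit is what the CI step turns into a failed build."""
    return 1 if should_fail_build(policy, findings) else 0


# Constructed findings, not real scanner output.
SAMPLE_FINDINGS = [
    ("secrets", "critical"),  # listed in policy -> blocks
    ("secrets", "medium"),    # not listed -> reported only
    ("sast", "critical"),     # no policy entry for this category -> reported only
]


if __name__ == "__main__":
    pol = parse_fail_build_on(SAMPLE_CONFIG)
    for cat, sev in should_fail_build(pol, SAMPLE_FINDINGS):
        print("blocking finding: %s/%s" % (cat, sev))
    sys.exit(exit_code_for(pol, SAMPLE_FINDINGS))
```

Running the script exits with status 1 because of the critical secrets finding; removing that finding, or leaving "critical" out of the secrets list, yields status 0 even though other findings remain, which is the behaviour a severity-based gate is meant to have.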

Make sure the docker run command passes the -e EXIT_ON_ERROR=true variable; without it the container exits successfully even when findings match the policy, and the build is not blocked.

Likewise, ensure that the DuckDefender.yml workflow file passes -e EXIT_ON_ERROR=true in its docker run step so that a matching finding fails the job.

DuckDefender.yml
env:
  docker_tag: flyingduckio/duckdefender:latest

name: DuckDefender

on:
  push:
    branches: [ "master", "main", "release", "develop" ]

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3

      - name: Download latest DuckDefender
        run: docker pull "${{env.docker_tag}}"

      - name: Run DuckDefender
        run: |
          docker run \
            -e EXIT_ON_ERROR=true \
            -e GITHUB_REPOSITORY_OWNER="${{github.repository_owner}}" \
            -e GITHUB_REPOSITORY_OWNER_ID="${{github.repository_owner_id}}" \
            -e GITHUB_REPOSITORY="${{github.repository}}" \
            -e GITHUB_REPOSITORY_ID="${{github.repository_id}}" \
            -e GITHUB_EVENT_NAME="${{github.event_name}}" \
            -e GITHUB_ACTOR="${{github.actor}}" \
            -e GITHUB_ACTOR_ID="${{github.actor_id}}" \
            -e FD_API_KEY="${{secrets.FD_API_KEY}}" \
            -e GITHUB_TOKEN="${{github.token}}" \
            -e GITHUB_HEAD_REF="${{github.head_ref}}" \
            -e GITHUB_BASE_REF="${{github.base_ref}}" \
            -e GITHUB_REF="${{github.ref}}" \
            -e GITHUB_SHA="${{github.sha}}" \
            -e WORKSPACE_PATH="/src" \
            -v "${{ github.workspace }}":/src \
            --entrypoint /bin/sh "${{env.docker_tag}}" -c "duckdefender code --all"