Example (audit mode) #20
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Example (audit mode) | |
| on: | |
| workflow_dispatch: | |
| permissions: {} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Prevent accidental execution of dash14's actions after forking. | |
| # External actions referenced by tag pose a supply chain risk. | |
| - name: Guard against unmodified fork usage | |
| if: github.repository != 'dash14/buildcage' | |
| run: | | |
| echo "::error::This example references dash14/buildcage actions by tag. Replace with your fork (e.g., <your-org>/buildcage/setup@v2), or pin by commit hash if using dash14/buildcage directly." | |
| exit 1 | |
| - name: Start Buildcage builder | |
| # For self-hosting, replace with: <your-org>/buildcage/setup@v2 | |
| # If using dash14/buildcage directly, pinning by commit hash is | |
| # recommended for supply chain security. | |
| uses: dash14/buildcage/setup@v2 | |
| with: | |
| proxy_mode: audit | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 | |
| with: | |
| driver: remote | |
| endpoint: docker-container://buildcage | |
| - name: Create test Dockerfile | |
| run: | | |
| mkdir -p /tmp/build-context | |
| cat <<'EOF' > /tmp/build-context/Dockerfile | |
| FROM node:24-alpine | |
| WORKDIR /app | |
| RUN npm init -y && npm install --ignore-scripts express | |
| EOF | |
| - name: Build test image | |
| uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 | |
| with: | |
| context: /tmp/build-context | |
| push: false | |
| no-cache: true | |
| env: | |
| DOCKER_BUILD_SUMMARY: false | |
| DOCKER_BUILD_RECORD_UPLOAD: false | |
| - name: Show proxy report | |
| if: always() | |
| # For self-hosting, replace with: <your-org>/buildcage/report@v2 | |
| # If using dash14/buildcage directly, pinning by commit hash is | |
| # recommended for supply chain security. | |
| uses: dash14/buildcage/report@v2 |