
github-workflows-dojo360-dockerfile-ci

Build and scan container images from a Dockerfile using Optum golden images and the recommended UHG reusable workflow

active
IDE: claude, codex, vscode
Version: 1.0.0
Owner: pcorazao
github-actions, workflow, dojo360

Dockerfile CI Workflow Skill

Overview

This skill covers Docker image build + scan patterns for repos that publish container images.

The Dojo360 workflow (dockerfile-ci.yml) exists, but for new implementations the recommended approach is to use the UHG CI Workflows reusable workflow from uhg-pipelines/ci-workflows.

Workflow Reference

Recommended (Use This)

Repository: uhg-pipelines/ci-workflows
Workflow: .github/workflows/docker-ci.yml@v2

Legacy (Dojo360)

Repository: dojo360/pipelines-workflows
Workflow: .github/workflows/dockerfile-ci.yml
Docs: https://github.com/dojo360/pipelines-workflows/tree/main/web/dockerfile-ci/index.md

Key Features

  • Builds Docker images from your Dockerfile
  • Runs security scanning as part of the CI workflow (implementation is workflow-dependent)
  • Publishes to SaaS Artifactory (Central) when configured

Prerequisites

  • A Dockerfile in your repo
  • Your Dockerfile MUST use Optum golden images (no public Docker Hub base images)
  • Artifactory project/repositories provisioned

Common Inputs (UHG reusable workflow)

Input               Type    Description
jfrog-project-key   string  JFrog project key (routes to correct SaaS Artifactory repos)
docker-tags         string  Image tag(s) to publish (example: centraluhg.jfrog.io/<repo>/<name>:<tag>)
docker-context      string  Docker build context (default: .)
docker-dockerfile   string  Dockerfile path (default: Dockerfile)
working-directory   string  Optional working directory if your Dockerfile lives in a subfolder

Secrets

UHG reusable workflows typically handle Artifactory auth via OIDC + EPL actions, but you may still need:

  • Repo/org secrets required by your org’s scanning configuration
  • Any additional secrets required by downstream promotion/deploy workflows

Templates

See ready-to-copy examples in .github/skills/github-workflows-dojo360-dockerfile-ci/templates/:

  • basic-dockerfile-ci.yml
  • dockerfile-ci-with-matrix-tags.yml
  • dockerfile-ci-subdirectory.yml

Notes / Gotchas

  • Ensure the docker-tags repository matches your project’s docker repo naming.
  • Prefer pinned base-image tags for reproducibility.
  • For Optum compliance, always use base images from:
    • edgeinternal1uhg.optum.com:443/glb-docker-uhg-loc/uhg-goldenimages/
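
A pre-build check for the two base-image rules above (golden-image registry only, pinned tags), added here as an example; it is not part of the Dojo360 or UHG workflows. The function name and the sample image names and tags are assumptions; only the registry prefix comes from this page.

```python
import re

# Registry prefix from the page's compliance note.
GOLDEN_PREFIX = "edgeinternal1uhg.optum.com:443/glb-docker-uhg-loc/uhg-goldenimages/"
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<image>\S+)(?:\s+AS\s+(?P<stage>\S+))?\s*$",
    re.IGNORECASE)
ARG_RE = re.compile(r"^\s*ARG\s+(?P<name>\w+)(?:=(?P<value>\S+))?", re.IGNORECASE)
VAR_RE = re.compile(r"\$\{?(\w+)\}?")


def check_dockerfile(text):
    """Return (line_number, image, problem) tuples for non-compliant FROM lines."""
    findings, stages, global_args, seen_from = [], set(), {}, False
    for lineno, line in enumerate(text.splitlines(), start=1):
        arg = ARG_RE.match(line)
        if arg and not seen_from:
            # Only ARGs before the first FROM apply to FROM lines; --build-arg overrides are not visible here.
            global_args[arg["name"]] = (arg["value"] or "").strip("\"'")
            continue
        m = FROM_RE.match(line)
        if not m:
            continue
        seen_from = True
        image = VAR_RE.sub(lambda v: global_args.get(v.group(1), ""), m["image"])
        if image.lower() not in stages:  # "FROM builder" reuses an earlier stage
            if not image.startswith(GOLDEN_PREFIX):
                findings.append((lineno, image, "base image is not from the golden-image registry"))
            else:
                last = image.rsplit("/", 1)[-1]  # registry host has a port, so inspect only the last path part
                tag = last.partition(":")[2]
                if "@" not in last and tag in ("", "latest"):
                    findings.append((lineno, image, "base image tag is not pinned"))
        if m["stage"]:
            stages.add(m["stage"].lower())
    return findings


# Constructed sample; the image names and tags are hypothetical.
SAMPLE = f"""ARG BASE_TAG=1.2.3
FROM {GOLDEN_PREFIX}python:${{BASE_TAG}} AS builder
FROM --platform=linux/amd64 python:3.12-slim AS test
FROM {GOLDEN_PREFIX}python AS runtime
FROM builder
"""

if __name__ == "__main__":
    for lineno, image, problem in check_dockerfile(SAMPLE):
        print(f"line {lineno}: {image}: {problem}")
```

Run it against a repo's Dockerfile with check_dockerfile(open("Dockerfile").read()) and fail the job when the returned list is non-empty.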

Related Assets