New attack technique: Usage of ec2instanceconnect:SendSSHPublicKey on… #85

	name: docker

	on:
	push:
	tags:
	- "*"

	env:
	REGISTRY: ghcr.io
	IMAGE_NAME: datadog/stratus-red-team

	permissions:
	contents: read

	jobs:
	docker-build-push:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
	with:
	egress-policy: block
	allowed-endpoints: >
	auth.docker.io:443
	dl-cdn.alpinelinux.org:443
	ghcr.io:443
	github.com:443
	pipelines.actions.githubusercontent.com:443
	pkg-containers.githubusercontent.com:443
	production.cloudflare.docker.com:443
	proxy.golang.org:443
	registry-1.docker.io:443
	storage.googleapis.com:443
	*.actions.githubusercontent.com:443

	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
	with:
	fetch-depth: 0

	- name: Log into registry ${{ env.REGISTRY }}
	uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Build and push Docker image
	uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56
	with:
	context: .
	push: true
	build-args: \|
	VERSION=${{ github.ref_name }}
	tags: \|
	${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
	${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest

Provide feedback