github-workflows-dojo360-dockerfile-ci
Build and scan container images from a Dockerfile using Optum golden images and the recommended UHG reusable workflow
Dockerfile CI Workflow Skill
Overview
This skill covers Docker image build + scan patterns for repos that publish container images.
The Dojo360 workflow (dockerfile-ci.yml) exists, but for new implementations the recommended approach is to use the UHG CI Workflows reusable workflow from uhg-pipelines/ci-workflows.
Workflow Reference
Recommended (Use This)
Repository: uhg-pipelines/ci-workflows
Workflow: .github/workflows/docker-ci.yml@v2
Legacy (Dojo360)
Repository: dojo360/pipelines-workflows
Workflow: .github/workflows/dockerfile-ci.yml
Docs: https://github.com/dojo360/pipelines-workflows/tree/main/web/dockerfile-ci/index.md
Key Features
- Builds Docker images from your Dockerfile
- Runs security scanning as part of the CI workflow (implementation is workflow-dependent)
- Publishes to SaaS Artifactory (Central) when configured
Prerequisites
- A Dockerfile in your repo
- Your Dockerfile MUST use Optum golden images (no public Docker Hub base images)
- Artifactory project/repositories provisioned
Common Inputs (UHG reusable workflow)
| Input | Type | Description |
|---|---|---|
| jfrog-project-key | string | JFrog project key (routes to the correct SaaS Artifactory repos) |
| docker-tags | string | Image tag(s) to publish (example: centraluhg.jfrog.io/<repo>/<name>:<tag>) |
| docker-context | string | Docker build context (default: .) |
| docker-dockerfile | string | Dockerfile path (default: Dockerfile) |
| working-directory | string | Optional working directory if your Dockerfile lives in a subfolder |
Secrets
UHG reusable workflows typically handle Artifactory auth via OIDC + EPL actions, but you may still need:
- Repo/org secrets required by your org’s scanning configuration
- Any additional secrets required by downstream promotion/deploy workflows
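A minimal caller workflow wiring the inputs listed above into the recommended reusable workflow. This is an added example, not one of the repo's templates; the trigger, the permissions block, the project key, the Artifactory repo name and the image name are placeholders, and the `id-token: write` permission is an assumption based on the OIDC-based Artifactory auth described above.

```yaml
# Example caller workflow (added here; not one of the skill's templates).
# Input names come from the "Common Inputs" table; all values are placeholders.
name: Dockerfile CI

on:
  push:
    branches: [main]
  pull_request:

# Permissions set on the caller apply to the called reusable workflow.
permissions:
  contents: read
  id-token: write   # assumed: lets the reusable workflow obtain an OIDC token for Artifactory auth

jobs:
  docker-ci:
    uses: uhg-pipelines/ci-workflows/.github/workflows/docker-ci.yml@v2
    with:
      jfrog-project-key: acme-platform                                   # placeholder project key
      # <repo>/<name>:<tag> form from the inputs table; the commit SHA gives a unique, traceable tag
      docker-tags: centraluhg.jfrog.io/acme-platform-docker-local/my-service:${{ github.sha }}
      docker-context: ./services/my-service                              # placeholder subfolder
      docker-dockerfile: ./services/my-service/Dockerfile
    # Pass the caller repo/org secrets (e.g. scanning configuration) through to the reusable workflow
    secrets: inherit
```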
Templates
See ready-to-copy examples in .github/skills/github-workflows-dojo360-dockerfile-ci/templates/:
- basic-dockerfile-ci.yml
- dockerfile-ci-with-matrix-tags.yml
- dockerfile-ci-subdirectory.yml
Notes / Gotchas
- Ensure the repository in docker-tags matches your project's Docker repo naming.
- Prefer pinned base-image tags for reproducibility.
- For Optum compliance, always build from base images under:
  edgeinternal1uhg.optum.com:443/glb-docker-uhg-loc/uhg-goldenimages/
Related Assets
- github-workflows-dojo360-azure-infrastructure: Deploy Azure infrastructure using Terraform with PCAM vaulted access and native Azure authentication through the Dojo360 Azure Infrastructure workflow (Owner: pcorazao)
- github-workflows-dojo360-container-cd: Deploy containerized applications to AWS ECS/Azure ACS using the Dojo360 Container CD workflow with blue-green and rolling update strategies (Owner: pcorazao)
- github-workflows-dojo360-container-promotion: Multi-environment container deployment promotion through prescribed deployment paths with automated approval gates and E2E testing (Owner: pcorazao)
- github-workflows-dojo360-database: Automate database schema updates using Liquibase via the Dojo360 database workflow (with rollback and validation patterns) (Owner: pcorazao)
- github-workflows-dojo360-database-promotion: Promote Liquibase database changes across environments (dev→qa→cert→prod) with deployment-path validation and approval gates (Owner: pcorazao)
- github-workflows-dojo360-dotnet-ci: Build, test, and scan .NET apps using the recommended UHG reusable CI workflow, with optional publish/pack and container builds (Owner: pcorazao)