# BUILD Phase

After several scans for secret and vulnerabilities, we can build and push our app to docker hub. For that, i added build stage to gitlab-ci.yaml<br>

{% code title="gitlab-ci.yaml" %}

```yaml
build_image:
  stage: build  # Define the stage of the CI/CD pipeline as 'build'
  image: docker:latest  # Use the latest version of the Docker image

  script:  # The list of commands that are run during this stage
    - docker login -u "$DOCKERHUB_USERNAME" -p "$DOCKERHUB_PASSWORD"  # Log in to Docker Hub using environment variables for credentials
    - VERSION=$(cat version.txt)  # Read the version number from version.txt and store it in a variable named VERSION
    - docker build -t asafahmad/ghost:$VERSION .  # Build the Docker image and tag it using the version number
    - docker push asafahmad/ghost:$VERSION  # Push the built image with its tag to Docker Hub

```

{% endcode %}

<figure><img src="https://3780827056-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZJs5tQDEhqdUzV8OKFwp%2Fuploads%2FWJbklGPNcSpAvqZ6cny7%2Fasdq.png?alt=media&#x26;token=a927b0f9-c5e4-49ca-ba5b-5f29f55a9de1" alt=""><figcaption></figcaption></figure>

After success build then I added container scan stage for scanning the image which we created

```
snyk_container_security:
  stage: container_scan
  image: 
    name: snyk/snyk-cli:1.1205.0-docker
    entrypoint: [""]
  script:
    - npm install -g npm@latest
    - npm install -g synk
    - snyk auth $SNYK_TOKEN
    - snyk container monitor asafahmad/ghost:v5 --org=785253e7-a8e7-412e-a88b-b1f89e0e2d08
  allow_failure: true    
```

<figure><img src="https://3780827056-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZJs5tQDEhqdUzV8OKFwp%2Fuploads%2FKK54KwygLApWnpnqfJwa%2Fimage.png?alt=media&#x26;token=2da577c7-d65e-4412-be72-270f791231f3" alt=""><figcaption></figcaption></figure>