Image #59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Image" | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '32 5 15 * *' # At 05:32 on day-of-month 15. | |
| jobs: | |
| docker: | |
| name: Build container image | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Add repository | |
| # https://podman.io/docs/installation#linux-distributions | |
| - name: Podman repository 🔧 | |
| run: | | |
| curl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Testing/Release.key \ | |
| | gpg --dearmor \ | |
| | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null | |
| echo "deb [signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg] https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Testing/ /" \ | |
| | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null | |
| sudo apt-get update | |
| - name: Install dependencies 🔧 | |
| run: | | |
| sudo apt-get -y install podman | |
| podman version | |
| - name: Checkout 🛎️ | |
| uses: actions/checkout@v4 | |
| # Add support for more platforms with QEMU | |
| # https://github.com/marketplace/actions/docker-setup-qemu | |
| - name: Set up QEMU 🔧 | |
| uses: docker/setup-qemu-action@v3 | |
| with: | |
| platforms: 'arm64' | |
| # Login | |
| # https://github.com/marketplace/actions/docker-login | |
| - name: Login to GitHub container registry 🏭 | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build 🧪 | |
| run: | | |
| podman manifest create "cloud-tools-container" && \ | |
| podman build \ | |
| --manifest "cloud-tools-container" \ | |
| --platform "linux/amd64,linux/arm64" \ | |
| --tag "ghcr.io/cyclenerd/cloud-tools-container:test" \ | |
| . && \ | |
| podman manifest inspect "cloud-tools-container" | jq && \ | |
| podman manifest inspect "cloud-tools-container" | grep -o "amd64" && \ | |
| podman manifest inspect "cloud-tools-container" | grep -o "arm64" && \ | |
| podman manifest push --all "cloud-tools-container" "docker://ghcr.io/cyclenerd/cloud-tools-container:test" | |
| docker-test: | |
| name: Test container image | |
| needs: [docker] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout 🛎️ | |
| uses: actions/checkout@v4 | |
| # Inspect | |
| - name: Inspect test image 💿 | |
| run: | | |
| skopeo inspect --raw "docker://ghcr.io/cyclenerd/cloud-tools-container:test" | jq && \ | |
| skopeo inspect --raw "docker://ghcr.io/cyclenerd/cloud-tools-container:test" | grep -o "amd64" && \ | |
| skopeo inspect --raw "docker://ghcr.io/cyclenerd/cloud-tools-container:test" | grep -o "arm64" | |
| # Run test | |
| - name: Pull test image 💿 | |
| run: | | |
| docker pull "ghcr.io/cyclenerd/cloud-tools-container:test" | |
| docker tag "ghcr.io/cyclenerd/cloud-tools-container:test" "cloud-tools-container" | |
| - name: Images 📏 | |
| run: docker images | |
| # Tests | |
| - name: Test 📏 | |
| run: bash test.sh | |
| container-scan: | |
| name: Container image scan | |
| runs-on: ubuntu-latest | |
| needs: [docker-test] | |
| steps: | |
| - name: Checkout 🛎️ | |
| uses: actions/checkout@v4 | |
| # Scan with Grype vulnerability scanner | |
| # https://github.com/anchore/scan-action | |
| - name: Scan 🧐 | |
| uses: anchore/scan-action@v3 | |
| id: scan | |
| with: | |
| image: "ghcr.io/cyclenerd/cloud-tools-container:test" | |
| # Do not fail to upload the SARIF report in the next step... | |
| fail-build: false | |
| severity-cutoff: critical | |
| output-format: sarif | |
| - name: Upload SARIF report 📤 | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: ${{ steps.scan.outputs.sarif }} | |
| github-registry-latest: | |
| name: Push image to GitHub | |
| runs-on: ubuntu-latest | |
| needs: [container-scan] | |
| steps: | |
| - name: Login to GitHub container registry 🏭 | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Push image to GitHub container registry as latest version 🚢 | |
| run: skopeo copy --all "docker://ghcr.io/cyclenerd/cloud-tools-container:test" "docker://ghcr.io/cyclenerd/cloud-tools-container:latest" | |
| docker-hub-latest: | |
| name: Push image to Docker Hub | |
| runs-on: ubuntu-latest | |
| needs: [container-scan] | |
| steps: | |
| - name: Login to Docker Hub registry 🏭 | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_REGISTRY_USERNAME }} | |
| password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }} | |
| - name: Push image to Docker Hub registry as latest version 🚢 | |
| run: skopeo copy --all "docker://ghcr.io/cyclenerd/cloud-tools-container:test" "docker://cyclenerd/cloud-tools-container:latest" | |
| readme: | |
| name: Update README | |
| runs-on: ubuntu-latest | |
| needs: [docker-hub-latest, github-registry-latest] | |
| steps: | |
| - name: Checkout 🛎️ | |
| uses: actions/checkout@v4 | |
| - name: Update 📰 | |
| run: bash readme.sh |