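name: "Image"

# Builds the multi-arch image, tests and scans it, then promotes it to the
# ":latest" tag on ghcr.io and Docker Hub. Runs on demand or once a month.
on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
  schedule:
    - cron: '32 5 15 * *' # At 05:32 on day-of-month 15.

# Serialize runs of this workflow. Every job below publishes to the same
# mutable tags, so two overlapping runs (e.g. a manual dispatch during the
# scheduled run) could otherwise promote an image that a different run built
# and that was never scanned. A run that is mid-promotion is never cancelled.
concurrency:
  group: ${{ github.workflow }}
  cancel-in-progress: false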
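jobs:
  docker:
    name: Build container image
    runs-on: ubuntu-latest
    # Least privilege: GITHUB_TOKEN is used only to push the ":test" tag to
    # ghcr.io (docker/login-action below) and to check out the repository.
    permissions:
      contents: read
      packages: write
    # "shell: bash" runs with "-o pipefail". The default "bash -e" shell does
    # not propagate a failure from the left side of a pipe, so the
    # "curl | gpg | tee" pipeline below would otherwise install an empty
    # keyring and carry on.
    defaults:
      run:
        shell: bash
    outputs:
      # sha256 digest of the pushed manifest list. Downstream jobs pin to this
      # instead of the mutable ":test" tag, so what is tested, scanned and
      # promoted is exactly what this job built, even if ":test" is retagged
      # in the meantime.
      digest: ${{ steps.push.outputs.digest }}
    steps:
      # Add repository
      # https://podman.io/docs/installation#linux-distributions
      # NOTE(review): this installs podman from an *unstable* Debian_Testing
      # OBS repository onto an Ubuntu runner and trusts whatever key that URL
      # serves over TLS (no fingerprint check). Prefer the Ubuntu archive
      # package if its version is sufficient for multi-arch manifests, or
      # verify the key fingerprint here.
      - name: Podman repository 🔧
        run: |
          curl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Testing/Release.key \
            | gpg --dearmor \
            | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null
          echo "deb [signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg] https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Testing/ /" \
            | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null
          sudo apt-get update
      - name: Install dependencies 🔧
        run: |
          sudo apt-get -y install podman
          podman version
      # NOTE(review): third-party actions in this file are pinned to mutable
      # major tags (@v3 / @v4). Pin them to a full commit SHA so a moved tag
      # cannot inject code into a job that holds registry credentials.
      - name: Checkout 🛎️
        uses: actions/checkout@v4
      # Add support for more platforms with QEMU
      # https://github.com/marketplace/actions/docker-setup-qemu
      - name: Set up QEMU 🔧
        uses: docker/setup-qemu-action@v3
        with:
          platforms: 'arm64'
      # Login
      # https://github.com/marketplace/actions/docker-login
      - name: Login to GitHub container registry 🏭
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build 🧪
        run: |
          podman manifest create "cloud-tools-container"
          podman build \
            --manifest "cloud-tools-container" \
            --platform "linux/amd64,linux/arm64" \
            --tag "ghcr.io/cyclenerd/cloud-tools-container:test" \
            .
          # Fail the job unless both architectures made it into the list.
          podman manifest inspect "cloud-tools-container" | jq
          podman manifest inspect "cloud-tools-container" | grep -o "amd64"
          podman manifest inspect "cloud-tools-container" | grep -o "arm64"
      - name: Push test image 🚢
        id: push
        run: |
          # --digestfile records the digest of the manifest list that was
          # actually pushed; it becomes the job output consumed downstream.
          podman manifest push --all \
            --digestfile "${RUNNER_TEMP}/digest.txt" \
            "cloud-tools-container" \
            "docker://ghcr.io/cyclenerd/cloud-tools-container:test"
          echo "digest=$(cat "${RUNNER_TEMP}/digest.txt")" >> "${GITHUB_OUTPUT}"
  docker-test:
    name: Test container image
    needs: [docker]
    runs-on: ubuntu-latest
    # Only the checkout needs the token; the image is pulled anonymously.
    permissions:
      contents: read
    defaults:
      run:
        shell: bash
    env:
      # Digest-pinned reference to the image built by the "docker" job.
      TEST_IMAGE: ghcr.io/cyclenerd/cloud-tools-container@${{ needs.docker.outputs.digest }}
    steps:
      - name: Checkout 🛎️
        uses: actions/checkout@v4
      # Inspect
      - name: Inspect test image 💿
        run: |
          skopeo inspect --raw "docker://${TEST_IMAGE}" | jq
          skopeo inspect --raw "docker://${TEST_IMAGE}" | grep -o "amd64"
          skopeo inspect --raw "docker://${TEST_IMAGE}" | grep -o "arm64"
      # Run test
      - name: Pull test image 💿
        run: |
          docker pull "${TEST_IMAGE}"
          docker tag "${TEST_IMAGE}" "cloud-tools-container"
      - name: Images 📏
        run: docker images
      # Tests
      - name: Test 📏
        run: bash test.sh
  container-scan:
    name: Container image scan
    runs-on: ubuntu-latest
    # "docker" is listed explicitly so its digest output is visible in the
    # needs context of this job.
    needs: [docker, docker-test]
    permissions:
      contents: read
      security-events: write  # github/codeql-action/upload-sarif
      actions: read           # upload-sarif; only required on private repositories
    steps:
      - name: Checkout 🛎️
        uses: actions/checkout@v4
      # Scan with Grype vulnerability scanner
      # https://github.com/anchore/scan-action
      - name: Scan 🧐
        uses: anchore/scan-action@v3
        id: scan
        with:
          image: "ghcr.io/cyclenerd/cloud-tools-container@${{ needs.docker.outputs.digest }}"
          # This scan is the gate in front of the ":latest" promotion jobs:
          # a finding at or above the cutoff fails this job, and the jobs
          # that "need" it do not run. The SARIF report is still uploaded
          # because of the "if" on the next step.
          fail-build: true
          severity-cutoff: critical
          output-format: sarif
      - name: Upload SARIF report 📤
        # Upload even when the scan step failed the job (that is the gate).
        if: ${{ !cancelled() }}
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}
  github-registry-latest:
    name: Push image to GitHub
    runs-on: ubuntu-latest
    needs: [docker, container-scan]
    # Pushing ":latest" to ghcr.io is the only use of GITHUB_TOKEN here.
    permissions:
      packages: write
    env:
      # Promote exactly the scanned digest, not whatever ":test" points at now.
      TEST_IMAGE: ghcr.io/cyclenerd/cloud-tools-container@${{ needs.docker.outputs.digest }}
    steps:
      - name: Login to GitHub container registry 🏭
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Push image to GitHub container registry as latest version 🚢
        run: skopeo copy --all "docker://${TEST_IMAGE}" "docker://ghcr.io/cyclenerd/cloud-tools-container:latest"
  docker-hub-latest:
    name: Push image to Docker Hub
    runs-on: ubuntu-latest
    needs: [docker, container-scan]
    # This job authenticates with the Docker Hub secrets only; it never uses
    # GITHUB_TOKEN (the source image on ghcr.io is read anonymously), so the
    # token gets no scopes at all.
    permissions: {}
    env:
      TEST_IMAGE: ghcr.io/cyclenerd/cloud-tools-container@${{ needs.docker.outputs.digest }}
    steps:
      # NOTE(review): DOCKER_REGISTRY_PASSWORD should hold a Docker Hub access
      # token scoped to this repository rather than the account password, so a
      # leak from this job cannot take over the account.
      - name: Login to Docker Hub registry 🏭
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
          password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
      - name: Push image to Docker Hub registry as latest version 🚢
        run: skopeo copy --all "docker://${TEST_IMAGE}" "docker://cyclenerd/cloud-tools-container:latest"
  readme:
    name: Update README
    runs-on: ubuntu-latest
    needs: [docker-hub-latest, github-registry-latest]
    # NOTE(review): readme.sh is not visible here, so this job keeps the
    # repository's default token permissions. If the script only reads, set
    # "permissions: contents: read"; if it commits, "contents: write" is the
    # minimum it needs.
    steps:
      - name: Checkout 🛎️
        uses: actions/checkout@v4
      - name: Update 📰
        run: bash readme.sh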