Add building quay/dockerhub and run tests for 8.4 zts
en-jschuetze authored Jan 16, 2025
1 parent c755cf1 commit 7302a6f
Showing 1 changed file with 64 additions and 3 deletions.
67 changes: 64 additions & 3 deletions .github/workflows/ci.yml
Expand Up @@ -8,7 +8,8 @@ on:

env:
GITHUB_REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
GITHUB_IMAGE_NAME: ${{ github.repository }}
IMAGE_NAME: endava/php
RELEASE_REF_FILTER: 'refs/heads/release/'
EXCLUDED_PLATFORM: "none" # change to linux/amd64
# and thos blocks from:
Expand Down Expand Up @@ -299,6 +300,60 @@ jobs:
- name: "PHP_VERSION Env arm64"
if: env.EXCLUDED_PLATFORM != 'linux/arm64'
run: echo "PHP_VERSION=`docker run --pull=never --rm -t temporary-build-image-linux-arm64 php --version | head -n 1 | cut -f 2 -d ' '``docker run --pull=never --rm -t temporary-build-image-linux-arm64 php --version | grep 'ZTS' >/dev/null && echo '-zts' || echo ''`" >> $GITHUB_ENV
- name: "Run Tests amd64"
if: env.EXCLUDED_PLATFORM != 'linux/amd64'
run: tests/run_tests.sh
env:
DOCKER_REGISTRY_IMAGE: "temporary-build-image-linux-amd64"
- name: "Run Tests arm64"
if: env.EXCLUDED_PLATFORM != 'linux/arm64'
run: tests/run_tests.sh
env:
DOCKER_REGISTRY_IMAGE: "temporary-build-image-linux-arm64"
- if: ${{ contains(matrix.suffix, 'unsuffixed') && contains(github.ref, 'refs/heads/release/') }}
uses: aquasecurity/trivy-action@master
with:
image-ref: php-${{ env.PHP_VERSION }}
format: 'table'
exit-code: '0' # we don't break the build if vulnerabilities are included!
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'

- if: ${{ contains(matrix.suffix, 'unsuffixed') && contains(github.ref, 'refs/heads/release/') }}
name: Run Alpine Trivy vulnerability scanner and upload to github security tab
uses: aquasecurity/trivy-action@master
with:
image-ref: php-${{ env.PHP_VERSION }}
format: 'sarif'
output: 'trivy-results.sarif'

- if: ${{ contains(matrix.suffix, 'unsuffixed') && contains(github.ref, 'refs/heads/release/') }}
name: Upload Alpine Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
- if: ${{ contains(matrix.suffix, 'unsuffixed') && contains(github.ref, 'refs/heads/release/') }}
name: Run Trivy in GitHub SBOM mode and submit results to Dependency Snapshots
uses: aquasecurity/trivy-action@master
with:
format: 'github'
output: 'dependency-results.sbom.json'
image-ref: 'temporary-build-image-linux-amd64'
github-pat: ${{ secrets.PAT }}
- if: github.event_name != 'pull_request'
name: Login to DockerHub
uses: docker/[email protected]
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- if: github.event_name != 'pull_request'
name: Login to Quay.io
uses: docker/[email protected]
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }}
- name: Log into registry ${{ env.GITHUB_REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/[email protected]
Expand All @@ -312,7 +367,10 @@ jobs:
with:
tags: |
type=raw,value=${{ env.PHP_VERSION }}
images: ${{ env.GITHUB_REGISTRY }}/${{ env.IMAGE_NAME }}
images: |
${{ env.IMAGE_NAME }
quay.io/${{ env.IMAGE_NAME }
${{ env.GITHUB_REGISTRY }}/${{ env.GITHUB_IMAGE_NAME }}
- name: Set platforms
id: set-platforms
run: |
Expand Down Expand Up @@ -352,7 +410,10 @@ jobs:
with:
tags: |
type=raw,value=${{ env.PHP_VERSION }}-${{ matrix.suffix }}
images: ${{ env.GITHUB_REGISTRY }}/${{ env.IMAGE_NAME }}
images: |
${{ env.IMAGE_NAME }
quay.io/${{ env.IMAGE_NAME }
${{ env.GITHUB_REGISTRY }}/${{ env.GITHUB_IMAGE_NAME }}
- if: ${{ !contains(matrix.suffix, 'unsuffixed') }}
name: Build and push Dockerfile-${{ matrix.suffix }}
uses: docker/[email protected]
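Review bot: The three added `aquasecurity/trivy-action@master` steps track a mutable branch, and the SBOM step passes that code `github-pat: ${{ secrets.PAT }}`, so whatever lands on that branch runs with the token in a job that also logs in to Docker Hub and Quay. Pin each one to a reviewed full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`, and check whether the built-in `GITHUB_TOKEN` with a narrow `permissions:` block would be enough for the dependency submission instead of a PAT. Separately, the new `images:` entries in both metadata steps read `${{ env.IMAGE_NAME }` with a single closing brace, unlike the `${{ env.GITHUB_IMAGE_NAME }}` line beside them; if that is what was committed rather than a rendering artefact, the Docker Hub and Quay names will not expand as intended and should be `${{ env.IMAGE_NAME }}` and `quay.io/${{ env.IMAGE_NAME }}`. The job's step list begins and continues outside the visible hunks.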