name: Container

on:
  push:
    # A push to either default-branch name is published as the Docker
    # `latest` image.
    branches: [main, master]
    # `**` matches every tag name (including names containing `/`), so any
    # pushed tag starts a new container build, e.g. `v1.2.3` or `5.0.x`.
    tags: ['**']
  # Pull requests also trigger this workflow.
  # NOTE(review): every job in this file is guarded by
  # `if: github.event_name == 'push'`, so a pull_request run is created but
  # all of its jobs are skipped. Confirm that is intended.
  pull_request:
env:
  # Target platforms, one per line. The build job passes this value to the
  # `platforms` input of docker/build-push-action.
  BUILD_PLATFORM: |
    linux/arm/v6
    linux/arm/v7
    linux/arm64
    linux/amd64
  # Enable Docker BuildKit. Quoted because environment values are strings.
  DOCKER_BUILDKIT: '1'
  # NOTE(review): no job in this file reads IMAGE_NAME; the push job
  # hard-codes the same image name in its destination references.
  IMAGE_NAME: fritzbox_exporter
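jobs:
  # Pipeline order: lint -> prepare -> build -> push -> test.
  #
  # Hardening applied throughout this section:
  #   * Every job declares the GITHUB_TOKEN scopes it needs, so the token is
  #     least-privilege regardless of the repository default.
  #   * Values that come from the event (ref name, actor, job outputs derived
  #     from them) reach shell scripts through `env:` and are expanded as
  #     quoted shell variables. Interpolating `${{ ... }}` straight into a
  #     `run:` script pastes the value into the script text before the shell
  #     parses it, so a ref name containing shell metacharacters would be
  #     executed as code.
  #
  # NOTE(review): third-party actions are referenced by version tag, which
  # the action's owner can move. Pinning each `uses:` to a full commit SHA is
  # the stricter option.

  lint:
    runs-on: ubuntu-latest
    if: github.event_name == 'push'
    permissions:
      contents: read

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Lint Dockerfile
        uses: hadolint/hadolint-action@v3.0.0
        with:
          dockerfile: Dockerfile

  # Computes the registry repository and image tag once, and exposes them as
  # job outputs for the later jobs.
  prepare:
    runs-on: ubuntu-latest
    if: github.event_name == 'push'
    needs: lint
    permissions:
      contents: read
    # Map a step output to a job output
    outputs:
      DOCKER_REPOSITORY: ${{ steps.tag_image.outputs.DOCKER_REPOSITORY }}
      DOCKER_TAG: ${{ steps.tag_image.outputs.DOCKER_TAG }}

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Tag Image
        id: tag_image
        env:
          # Passed as data, never spliced into the script text below.
          REPOSITORY: ${{ github.repository }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          # Registry references must be lowercase.
          DOCKER_REPOSITORY=$(echo "ghcr.io/${REPOSITORY}" | tr '[:upper:]' '[:lower:]')

          DOCKER_TAG="$REF_NAME"

          # Use Docker `latest` tag convention for the default branch.
          case "$DOCKER_TAG" in
            master|main) DOCKER_TAG=latest ;;
          esac

          # Fail early when the ref name is not a valid container tag (for
          # example a tag containing `/`). This also keeps unexpected
          # characters out of the job outputs consumed by later jobs.
          tag_pattern='^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'
          if [[ ! "$DOCKER_TAG" =~ $tag_pattern ]]; then
            echo "::error::ref name '${DOCKER_TAG}' is not a valid container image tag"
            exit 1
          fi

          echo "DOCKER_REPOSITORY=${DOCKER_REPOSITORY}"
          echo "DOCKER_TAG=${DOCKER_TAG}"
          echo "DOCKER_REPOSITORY=${DOCKER_REPOSITORY}" >> "$GITHUB_OUTPUT"
          echo "DOCKER_TAG=${DOCKER_TAG}" >> "$GITHUB_OUTPUT"

  # Build the multi-platform image and export it as an OCI archive. Nothing
  # is pushed here; the archive is handed to the `push` job as an artifact.
  # See also https://docs.docker.com/docker-hub/builds/
  build:
    runs-on: ubuntu-latest
    if: github.event_name == 'push'
    needs: [prepare]
    permissions:
      contents: read

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3

      - name: Build Image and Export
        uses: docker/build-push-action@v6
        with:
          build-args: REPO=${{ github.repository }}
          context: .
          # Expressions under `with:` are action inputs, not shell text.
          cache-from: |
            type=gha,scope=build-${{ github.ref_name }}
            type=gha,scope=build-main
          cache-to: type=gha,mode=max,scope=build-${{ github.ref_name }}
          file: Dockerfile
          platforms: ${{ env.BUILD_PLATFORM }}
          outputs: type=oci,dest=/tmp/image.tar
          target: runtime-image

      - name: Upload image artifact
        uses: actions/upload-artifact@v4
        with:
          name: docker-image
          path: /tmp/image.tar
          retention-days: 1

  # Load artifact and push to registry. This is the only job that holds a
  # token with `packages: write`.
  push:
    runs-on: ubuntu-latest
    if: github.event_name == 'push'
    needs: [prepare, build]
    permissions:
      packages: write

    steps:
      - name: Download image artifact
        uses: actions/download-artifact@v4
        with:
          name: docker-image
          path: /tmp

      - name: Install skopeo
        run: |
          sudo apt-get update
          sudo apt-get install -y skopeo

      - name: Log into registry
        env:
          # The token is supplied through the environment rather than being
          # written into the script text. The actor is quoted because it may
          # contain shell glob characters such as `[` (bot accounts).
          REGISTRY_USER: ${{ github.actor }}
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: echo "$REGISTRY_TOKEN" | skopeo login ghcr.io -u "$REGISTRY_USER" --password-stdin

      - name: Push OCI image to registry
        env:
          IMAGE_REPOSITORY: ${{ needs.prepare.outputs.DOCKER_REPOSITORY }}
          IMAGE_TAG: ${{ needs.prepare.outputs.DOCKER_TAG }}
          IMAGE_SHA: ${{ github.sha }}
        run: |
          # Same four destinations, in the same order: the repository path and
          # the nested `fritzbox_exporter` path, each under the ref-derived
          # tag and under the commit SHA.
          for destination in \
            "${IMAGE_REPOSITORY}:${IMAGE_TAG}" \
            "${IMAGE_REPOSITORY}:${IMAGE_SHA}" \
            "${IMAGE_REPOSITORY}/fritzbox_exporter:${IMAGE_TAG}" \
            "${IMAGE_REPOSITORY}/fritzbox_exporter:${IMAGE_SHA}"
          do
            skopeo copy --all \
              oci-archive:/tmp/image.tar \
              "docker://${destination}"
          done

      - name: Inspect image
        if: success()
        env:
          IMAGE_REPOSITORY: ${{ needs.prepare.outputs.DOCKER_REPOSITORY }}
          IMAGE_TAG: ${{ needs.prepare.outputs.DOCKER_TAG }}
          IMAGE_SHA: ${{ github.sha }}
        run: |
          docker buildx imagetools inspect "${IMAGE_REPOSITORY}:${IMAGE_TAG}"
          docker buildx imagetools inspect "${IMAGE_REPOSITORY}:${IMAGE_SHA}"

  # Scan the published image and report findings to code scanning.
  # NOTE(review): this job runs after `push`, and no `exit-code` input is
  # set on the scanner, so it appears to report findings rather than block
  # publication. Move the scan ahead of `push` if it should act as a gate.
  test:
    runs-on: ubuntu-latest
    if: github.event_name == 'push'
    needs: [prepare, push]
    permissions:
      contents: read
      # Needed by upload-sarif to write code-scanning results.
      security-events: write
      # upload-sarif reads workflow run metadata in private repositories.
      actions: read

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Run Trivy vulnerability scanner
        # NOTE(review): `@master` is a moving branch ref, so whatever is on
        # that branch at run time executes in a job that can write
        # security events. TODO: pin to the full commit SHA of a reviewed
        # release.
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: "${{ needs.prepare.outputs.DOCKER_REPOSITORY }}:${{ github.sha }}"
          format: 'sarif'
          output: 'trivy-results.sarif'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'MEDIUM,HIGH,CRITICAL'

      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v3
        # Upload even when the scan step fails, so partial results are kept.
        if: always()
        with:
          sarif_file: 'trivy-results.sarif'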