github/fritzbox_exporter
1
0
Fork 0
mirror of https://github.com/sberk42/fritzbox_exporter.git synced 2026-05-20 16:23:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
83192d8fe9253a2415419344e955ec0933bac2ea
fritzbox_exporter/.github/workflows/container.yml
sberk42 83192d8fe9 switch to node16 actions
2023-01-15 18:32:03 +01:00

169 lines
4.7 KiB
YAML
Raw Blame History

name: Container
on:
push:
# Publish `main` as Docker `latest` image.
branches:
- main
- master
# Publish `v1.2.3` tags as releases.
tags:
- '**' # All tags kick off a new container build Save history ad 5.0.x etc
# Run tests for any PRs.
pull_request:
env:
BUILD_PLATFORM: |
linux/arm/v6
linux/arm/v7
linux/arm64
linux/amd64
# Enable Docker Buildkit
DOCKER_BUILDKIT: 1
IMAGE_NAME: fritzbox_exporter
jobs:
lint:
runs-on: ubuntu-latest
if: github.event_name == 'push'
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Lint Dockerfile
uses: hadolint/hadolint-action@v1.6.0
with:
dockerfile: Dockerfile
prepare:
runs-on: ubuntu-latest
if: github.event_name == 'push'
needs: lint
# Map a step output to a job output
outputs:
DOCKER_REPOSITORY: ${{ steps.tag_image.outputs.DOCKER_REPOSITORY }}
DOCKER_TAG: ${{ steps.tag_image.outputs.DOCKER_TAG }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Tag Image
id: tag_image
run: |
DOCKER_REPOSITORY=ghcr.io/${{ github.repository }}/$IMAGE_NAME
# Change all uppercase to lowercase
DOCKER_REPOSITORY=$(echo $DOCKER_REPOSITORY | tr '[A-Z]' '[a-z]')
DOCKER_TAG=${{ github.ref_name }}
# Use Docker `latest` tag convention
[ "$DOCKER_TAG" == "master" ] && DOCKER_TAG=latest
[ "$DOCKER_TAG" == "main" ] && DOCKER_TAG=latest
echo DOCKER_REPOSITORY=$DOCKER_REPOSITORY
echo DOCKER_TAG=$DOCKER_TAG
echo '::set-output name=DOCKER_REPOSITORY::'$DOCKER_REPOSITORY
echo '::set-output name=DOCKER_TAG::'$DOCKER_TAG
# Build and push image to GitHub Packages.
# See also https://docs.docker.com/docker-hub/builds/
build:
runs-on: ubuntu-latest
if: github.event_name == 'push'
needs: [prepare]
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
- name: Build Image
uses: docker/build-push-action@v3
with:
build-args: REPO=${{ github.repository }}
context: .
cache-from: type=gha
cache-to: type=gha,mode=max
file: Dockerfile
platforms: ${{ env.BUILD_PLATFORM }}
push: false
# Build and push image to GitHub Packages.
# See also https://docs.docker.com/docker-hub/builds/
push:
runs-on: ubuntu-latest
if: github.event_name == 'push'
needs: [prepare, build]
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
- name: Log into registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Build Runtime Image and Push
uses: docker/build-push-action@v3
with:
build-args: REPO=${{ github.repository }}
context: .
cache-from: type=gha
cache-to: type=gha,mode=max
file: Dockerfile
platforms: ${{ env.BUILD_PLATFORM }}
push: true
tags: |
${{ needs.prepare.outputs.DOCKER_REPOSITORY }}:${{ needs.prepare.outputs.DOCKER_TAG }}
${{ needs.prepare.outputs.DOCKER_REPOSITORY }}:${{ github.sha }}
target: runtime-image
- name: Inspect image
if: success()
run: |
docker buildx imagetools inspect ${{ needs.prepare.outputs.DOCKER_REPOSITORY }}:${{ needs.prepare.outputs.DOCKER_TAG }}
docker buildx imagetools inspect ${{ needs.prepare.outputs.DOCKER_REPOSITORY }}:${{ github.sha }}
test:
runs-on: ubuntu-latest
if: github.event_name == 'push'
needs: [prepare, push]
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ needs.prepare.outputs.DOCKER_REPOSITORY }}:${{ github.sha }}"
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'MEDIUM,HIGH,CRITICAL'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
if: always()
with:
sarif_file: 'trivy-results.sarif'
Reference in New Issue View Git Blame Copy Permalink