Skip to content

Push Images

Push Images #627

Workflow file for this run

# Copyright 2023 The Atlas Operator Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Push Images
on:
schedule:
- cron: '0 7 * * 0-4'
push:
branches:
- master
tags:
- "v*"
workflow_dispatch:
jobs:
push:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Fetch Atlas version
id: atlas
run: |
# All distributions are built from the same version
# so we only need to fetch it once.
echo "version=$(curl -s https://release.ariga.io/atlas/atlas-linux-amd64-latest.version)" >> $GITHUB_OUTPUT
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ secrets.DOCKERHUB_USERNAME }}/atlas-operator
tags: |
type=schedule
type=sha
type=ref,event=branch
type=semver,pattern={{version}}
labels: |
io.ariga.atlas.version=${{ steps.atlas.outputs.version }}
org.opencontainers.image.title=atlas-operator
org.opencontainers.image.description=Atlas Operator
org.opencontainers.image.url=https://atlasgo.io
org.opencontainers.image.vendor=Ariga
org.opencontainers.image.source=https://github.com/ariga/atlas-operator/blob/master/Dockerfile
- name: Build and push
uses: docker/build-push-action@v4
with:
context: .
build-args: |
ATLAS_VERSION=${{ steps.atlas.outputs.version }}
OPERATOR_VERSION=v${{ steps.meta.outputs.version }}
file: ./Dockerfile
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
push: true
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
with:
image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif'
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'