chore(deps): update myrotvorets/node:latest docker digest to 78d5968 #5899
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Test | |
| on: | |
| push: | |
| branches: | |
| - "**" | |
| tags: | |
| - "*" | |
| pull_request: | |
| branches: | |
| - master | |
| workflow_dispatch: | |
| jobs: | |
| prepare: | |
| name: Check preconditions | |
| runs-on: ubuntu-latest | |
| # Build if: | |
| # * PUSH: not a branch OR commit does not have '[ci skip]' | |
| # * PR: comes from a foreign repo | |
| # * NOT PUSH AND NOT PR | |
| if: | | |
| (github.event_name == 'push' && (!startsWith(github.ref, 'refs/heads/') || !contains(github.event.head_commit.message, '[ci skip]'))) || | |
| (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name) || | |
| (github.event_name != 'push' && github.event_name != 'pull_request') | |
| steps: | |
| - run: echo | |
| build: | |
| name: Build and Test | |
| runs-on: ubuntu-latest | |
| needs: prepare | |
| strategy: | |
| matrix: | |
| node: | |
| - { name: Current, version: current } | |
| - { name: LTS, version: lts/* } | |
| - { name: Previous LTS, version: lts/-1 } | |
| steps: | |
| - name: Build and test | |
| uses: myrotvorets/composite-actions/build-test-nodejs@master | |
| with: | |
| node-version: ${{ matrix.node.version }} | |
| hadolint: | |
| name: Run hadolint | |
| runs-on: ubuntu-latest | |
| needs: prepare | |
| if: ${{ !startsWith(github.ref, 'refs/heads/') }} | |
| steps: | |
| - name: Check out the source code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Run hadolint | |
| uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0 | |
| with: | |
| dockerfile: Dockerfile | |
| docker: | |
| name: Build Docker image | |
| runs-on: ubuntu-latest | |
| needs: prepare | |
| env: | |
| IMAGE_NAME: myrotvorets/ssu-scraper-cronjob | |
| steps: | |
| - name: Check out the source code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 | |
| - name: Build Docker image | |
| uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 | |
| with: | |
| context: . | |
| load: true | |
| pull: true | |
| push: false | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| tags: ${{ env.IMAGE_NAME }}:${{ github.sha }} | |
| - name: Determine security scan parameters | |
| id: scanparams | |
| run: | | |
| if \ | |
| ([ "${{ github.event_name }}" != "pull_request" ] || [ "${{ github.event.pull_request.head.repo.full_name }}" == "${{ github.event.pull_request.base.repo.full_name }}" ]) && \ | |
| [ "${{ github.event.sender.login }}" != "dependabot[bot]" ] | |
| then | |
| echo "format=template" >> "${GITHUB_OUTPUT}" | |
| echo "template=@/contrib/sarif.tpl" >> "${GITHUB_OUTPUT}" | |
| echo "output=trivy-results.sarif" >> "${GITHUB_OUTPUT}" | |
| else | |
| echo "format=table" >> "${GITHUB_OUTPUT}" | |
| echo "template=" >> "${GITHUB_OUTPUT}" | |
| echo "output=" >> "${GITHUB_OUTPUT}" | |
| fi | |
| - name: Security Scan | |
| id: scan | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ${{ env.IMAGE_NAME }}:${{ github.sha }} | |
| format: ${{ steps.scanparams.outputs.format }} | |
| template: ${{ steps.scanparams.outputs.template }} | |
| output: ${{ steps.scanparams.outputs.output }} | |
| if: | | |
| github.event_name == 'workflow_dispatch' || | |
| github.event_name == 'push' && github.event.sender.login != 'dependabot[bot]' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3 | |
| with: | |
| sarif_file: trivy-results.sarif | |
| if: always() && (steps.scan.conclusion == 'success' || steps.scan.conclusion == 'failure') && steps.scanparams.outputs.output != '' | |
| trigger_cd: | |
| name: Trigger CD | |
| needs: | |
| - build | |
| - hadolint | |
| - docker | |
| runs-on: ubuntu-latest | |
| if: | | |
| github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags')) | |
| steps: | |
| - name: Trigger Docker build | |
| uses: myrotvorets/trigger-repository-dispatch-action@7a1a910f85b51fdf701383492223f268e0308278 # v2.0.2 | |
| with: | |
| token: ${{ secrets.REPOSITORY_ACCESS_TOKEN }} | |
| type: Push Image | |
| payload: '{ "ref": "${{ github.ref }}", "sha": "${{ github.sha }}", "event_name": "${{ github.event_name }}" }' |