Skip to content

bandit: add bandit to GRASS GIS CI (#3515) #414

bandit: add bandit to GRASS GIS CI (#3515)

bandit: add bandit to GRASS GIS CI (#3515) #414

Workflow file for this run

---
name: Docker
# This workflow builds and pushes docker images to dockerhub
#
# Summary
#
# job docker-os-matrix:
# * creates tags <version>-alpine, <version>-debian and <version>-ubuntu for each release
# * creates tags <branch_name>-alpine, <branch_name>-debian and <branch_name>-ubuntu for all triggered branches
# * creates tags current-alpine, current-debian and current-ubuntu for releasebranch_8_3
# * creates tag latest for last stable release with ubuntu os
on:
push:
branches:
- main
- releasebranch_*
- '!releasebranch_7_*'
# tags: ['*.*.*']
paths-ignore: [doc/**]
release:
types: [published]
jobs:
# Run for push to configured branches and all published releases.
# Take care of different os.
# For main branch, created tags are:
# main-alpine, main-debian, main-ubuntu
# For releasebranch_8_3, created tags are:
# current-alpine, current-debian, current-ubuntu,
# releasebranch_8_3-alpine, releasebranch_8_3-debian, releasebranch_8_3-ubuntu
# For a release, e.g. 8.3.0, created tags are:
# 8.3.0-alpine, 8.3.0-debian, 8.3.0-ubuntu and latest (with ubuntu)
docker-os-matrix:
name: build and push ${{ matrix.os }} for ${{ github.ref }}
if: github.repository_owner == 'OSGeo'
runs-on: ubuntu-latest
strategy:
matrix:
os:
- alpine
- debian
- ubuntu
- ubuntu_wxgui
fail-fast: false
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
fetch-depth: 0
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: osgeo/grass-gis
tags: |
type=ref,event=tag
type=ref,event=branch
type=raw,value=current,enable=${{ github.ref == format('refs/heads/{0}', 'releasebranch_8_3') }}
type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/8.3') && matrix.os == 'ubuntu' }},suffix=
flavor: |
latest=false
suffix=-${{ matrix.os }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push
id: docker_build
uses: docker/build-push-action@v5
with:
push: true
pull: true
context: .
tags: ${{ steps.meta.outputs.tags }}
file: docker/${{ matrix.os }}/Dockerfile
- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}