generated from pascaliske/docker-package
-
Notifications
You must be signed in to change notification settings - Fork 0
137 lines (122 loc) · 3.93 KB
/
image.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
name: Image
on:
push:
branches:
- master
tags:
- v*
pull_request:
branches:
- master
jobs:
build:
name: Build
runs-on: ubuntu-latest
env:
REPOSITORY: ${{ github.repository }}
PLATFORMS: linux/amd64,linux/arm/v7,linux/arm64
steps:
# build image name
- name: Build image name
id: image-name
run: |
echo "::set-output name=image::${REPOSITORY//docker-/}"
# checkout
- uses: actions/checkout@v4
# setup node
- uses: actions/setup-node@v4
with:
node-version: '16'
registry-url: 'https://registry.npmjs.org'
# setup qemu
- uses: docker/setup-qemu-action@v3
with:
platforms: all
# setup docker metadata
- uses: docker/metadata-action@v5
id: metadata
with:
images: |
ghcr.io/${{ steps.image-name.outputs.image }}
${{ steps.image-name.outputs.image }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.0.') }}
type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
# setup docker buildx
- uses: docker/setup-buildx-action@v3
id: buildx
with:
version: latest
install: true
# login to docker hub
- uses: docker/login-action@v3
if: github.event_name != 'pull_request'
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_TOKEN }}
# login to github container registry
- uses: docker/login-action@v3
if: github.event_name != 'pull_request'
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
# build & push image
- uses: docker/build-push-action@v6
id: build
with:
builder: ${{ steps.buildx.outputs.name }}
platforms: ${{ env.PLATFORMS }}
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.metadata.outputs.tags }}
labels: ${{ steps.metadata.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
# generate release notes
- name: Generate release notes
if: startsWith(github.ref, 'refs/tags/v')
id: changelog
run: |
npx standard-changelog -i /dev/null -o CHANGES.md
# create github release
- uses: ncipollo/release-action@v1
if: startsWith(github.ref, 'refs/tags/v')
with:
tag: v${{ steps.metadata.outputs.version }}
name: Release v${{ steps.metadata.outputs.version }}
bodyFile: CHANGES.md
prerelease: ${{ steps.changelog.outputs.status == 'prereleased' }}
draft: ${{ steps.changelog.outputs.status == 'unreleased' }}
token: ${{ secrets.GITHUB_TOKEN }}
artifacts: README.md,LICENSE.md
# output image digest
- name: Output image digest
run: |
echo ${{ steps.build.outputs.digest }}
scan:
name: Scan
runs-on: ubuntu-latest
steps:
# build image name
- name: Build image name
id: image-name
run: echo "::set-output name=image::${REPOSITORY//docker-/}"
env:
REPOSITORY: ${{ github.repository }}
# checkout
- uses: actions/checkout@v4
# scan image
- uses: crazy-max/ghaction-container-scan@v3
id: scan
with:
image: ${{ steps.image-name.outputs.image }}:latest
dockerfile: ./Dockerfile
annotations: true
# upload results file to github
- uses: github/codeql-action/upload-sarif@v3
if: ${{ steps.scan.outputs.sarif != '' }}
with:
sarif_file: ${{ steps.scan.outputs.sarif }}