Unstable Release Pipe #283
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This builds the master branch (UNSTABLE!) of beammp | |
| name: Unstable Release Pipe | |
| on: | |
| push: | |
| workflow_dispatch: # Allows you to run this workflow manually from the Actions tab | |
| pull_request: | |
| types: | |
| - opened | |
| schedule: | |
| - cron: "0 0 * * 0" # weekly at sunday night | |
| env: | |
| CONTAINER_FILE: ./Containerfile | |
| IMAGE_NAME: rouhim/beammp-server | |
| IMAGE_TAG: unstable | |
| BUILD_ARGS: BUILD_BRANCH=master | |
| jobs: | |
| check-containerfile: | |
| name: Check container file | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4 | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'config' | |
| hide-progress: false | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| severity: 'CRITICAL,HIGH' | |
| build-test-push-image: | |
| needs: check-containerfile | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| - name: Build amd64 container image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| tags: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} | |
| platforms: linux/amd64 | |
| build-args: ${{ env.BUILD_ARGS }} | |
| context: . | |
| file: ./Containerfile | |
| load: true | |
| push: false | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: image | |
| image-ref: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| severity: 'CRITICAL,HIGH' | |
| - name: Test the built image | |
| env: | |
| BEAMMP_AUTH_KEY: ${{ secrets.BEAMMP_AUTH_KEY }} | |
| run: | | |
| bash test-image.sh ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} | |
| - name: Build and push multiplatform container image | |
| if: github.ref == 'refs/heads/main' | |
| uses: docker/build-push-action@v5 | |
| with: | |
| tags: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} | |
| platforms: linux/amd64, linux/arm64 | |
| build-args: ${{ env.BUILD_ARGS }} | |
| context: . | |
| file: ./Containerfile | |
| load: false | |
| push: true | |
| - name: Update docker hub description | |
| if: github.ref == 'refs/heads/main' | |
| uses: peter-evans/dockerhub-description@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| repository: ${{ env.IMAGE_NAME }} | |