From 6f7d96fb5c22c24de2d5b779cd6cd5042afc10b1 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Tue, 29 Aug 2023 11:11:28 +0200 Subject: [PATCH 1/7] build images also for arm64 --- .github/workflows/build_docker.yml | 2 +- .github/workflows/ci.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build_docker.yml b/.github/workflows/build_docker.yml index 02dde2fd..9e1292c7 100644 --- a/.github/workflows/build_docker.yml +++ b/.github/workflows/build_docker.yml @@ -56,6 +56,6 @@ jobs: uses: docker/build-push-action@v5 with: context: . - platforms: linux/amd64 + platforms: linux/amd64,linux/arm64 push: true tags: ${{ steps.tags.outputs.tags }} diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 273a3a22..0eb22c5c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -62,6 +62,7 @@ jobs: with: context: . tags: 'ci/hdm:${{ github.sha }}' + platforms: linux/amd64,linux/arm64 push: false - name: Run Trivy vulnerability scanner From 30360b2bda6a38a0b2b60ab0fbbe6c0f4c50ca0d Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Tue, 29 Aug 2023 11:15:10 +0200 Subject: [PATCH 2/7] add extended build steps to prepare env for multi build --- .github/workflows/build_docker.yml | 6 ++++++ .github/workflows/ci.yaml | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/.github/workflows/build_docker.yml b/.github/workflows/build_docker.yml index 9e1292c7..7069449d 100644 --- a/.github/workflows/build_docker.yml +++ b/.github/workflows/build_docker.yml @@ -20,6 +20,12 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Log in to the Container registry uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d with: diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0eb22c5c..3fd480a2 100644 --- a/.github/workflows/ci.yaml 
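Review bot: With `push: false` and no `load:` input, the multi-platform build requested on the added `platforms:` line in ci.yaml leaves nothing in the local Docker daemon, so the later `Run Trivy vulnerability scanner` step's `image-ref: 'ci/hdm:${{ github.sha }}'` has nothing to resolve; as far as I can tell a multi-platform result cannot be loaded into the daemon at all, and without a buildx setup step (added only in the next patch) the docker driver rejects multi-platform builds outright. If the scan is meant to keep running, build the scan target single-platform with `load: true` on this step and give the arm64 build its own smoke-build job, e.g. `platforms: linux/amd64` plus `load: true`. The enclosing job continues outside the hunk.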
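Review bot: The two new steps in build_docker.yml pin `docker/setup-qemu-action` and `docker/setup-buildx-action` to the mutable `@v2` tag, while the `Log in to the Container registry` step two lines below pins `docker/login-action` to a full commit SHA; the matching steps added to ci.yaml in the next hunk have the same inconsistency. A moving tag lets the action's content change underneath a workflow that holds a `packages: write` token, which is exactly what the SHA pin on the login step guards against. Pin both to a release commit and record the version in a trailing comment, e.g. `uses: docker/setup-qemu-action@<commit-sha>  # v2`. The `steps:` list continues outside the hunk.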
+++ b/.github/workflows/ci.yaml @@ -57,6 +57,10 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 - name: Build Docker image uses: docker/build-push-action@v5 with: From fef22d722648f011a8a52ebfe14e084e2c43e7d5 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Tue, 29 Aug 2023 16:54:57 +0200 Subject: [PATCH 3/7] use Vox Pupulis container action --- .github/workflows/build_docker.yml | 55 +++--------------------------- 1 file changed, 5 insertions(+), 50 deletions(-) diff --git a/.github/workflows/build_docker.yml b/.github/workflows/build_docker.yml index 7069449d..e887d66f 100644 --- a/.github/workflows/build_docker.yml +++ b/.github/workflows/build_docker.yml @@ -1,4 +1,4 @@ -name: publish 🐳 Docker image +name: Build and publish a 🛢️ container on: push: 
@@ -10,58 +10,13 @@ on: - '*' jobs: - build-and-push-image: + build-and-push-container: runs-on: ubuntu-latest permissions: contents: read packages: write - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Log in to the Container registry - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Get tags - shell: python - run: | - import re - import os - from packaging.version import parse - - image = "ghcr.io/${{ github.repository }}" - tags = set() - version = "${{ github.ref_name }}" - - if version.startswith('v'): - version = "${{ github.ref_name }}".replace("v", "") - tags.add(f"{image}:latest") - - if version == 'main': - version = "development" - - tags.add(f"{image}:{version}") - tags = ",".join(sorted(list(tags))) - - with open(os.environ['GITHUB_OUTPUT'], 'a') as fh: - print(f'tags={tags}', file=fh) - id: tags - - - name: Build and push - uses: docker/build-push-action@v5 + - uses: voxpupuli/gha-build-and-publish-a-container@e8eaaaa2b02fdd2bf0f47c5cb07f120353e5ecf4 with: - context: . - platforms: linux/amd64,linux/arm64 - push: true - tags: ${{ steps.tags.outputs.tags }} + github_token: ${{ secrets.GITHUB_TOKEN }} + build_arch: linux/amd64,linux/arm64 From f20d35f60e1544af5203f72b914f98c63872b1d9 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Thu, 31 Aug 2023 08:58:10 +0200 Subject: [PATCH 4/7] update container gha to latest version --- .github/workflows/build_docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_docker.yml b/.github/workflows/build_docker.yml index e887d66f..8de2ad21 100644 --- a/.github/workflows/build_docker.yml +++ b/.github/workflows/build_docker.yml 
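Review bot: The tag mapping that used to be readable in this job (`latest` plus the bare version on a `v*` ref, `development` on `main`) is now delegated to `voxpupuli/gha-build-and-publish-a-container`, and nothing in the workflow records that, so a reader cannot tell from this file which image tags a push produces or that `context: .` and `push: true` are now implicit. Add a comment above the `uses:` line, e.g. `# Image tags (ref -> tag) and push behaviour are decided by the action; check its README before changing the triggers above.` The full-SHA pin on the new action is the right choice for a step that receives `secrets.GITHUB_TOKEN` with `packages: write`. The `on:` trigger block for this job starts outside the hunk.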
@@ -16,7 +16,7 @@ jobs: contents: read packages: write steps: - - uses: voxpupuli/gha-build-and-publish-a-container@e8eaaaa2b02fdd2bf0f47c5cb07f120353e5ecf4 + - uses: voxpupuli/gha-build-and-publish-a-container@6cc48dfef0d27070922d8adbd661884de1dd45c8 with: github_token: ${{ secrets.GITHUB_TOKEN }} build_arch: linux/amd64,linux/arm64 From 72d580c2e1fd6a7013a6a586da1f1ecca09f8631 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Fri, 1 Sep 2023 11:02:40 +0200 Subject: [PATCH 5/7] update to v1 instead of commit id --- .github/workflows/build_docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_docker.yml b/.github/workflows/build_docker.yml index 8de2ad21..9a9d5f62 100644 --- a/.github/workflows/build_docker.yml +++ b/.github/workflows/build_docker.yml @@ -16,7 +16,7 @@ jobs: contents: read packages: write steps: - - uses: voxpupuli/gha-build-and-publish-a-container@6cc48dfef0d27070922d8adbd661884de1dd45c8 + - uses: voxpupuli/gha-build-and-publish-a-container@v1 with: github_token: ${{ secrets.GITHUB_TOKEN }} build_arch: linux/amd64,linux/arm64 From f3d1b16fb2d84eae2f6af1eb6422239cbaa4e6fc Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Wed, 20 Sep 2023 15:00:11 +0200 Subject: [PATCH 6/7] ci only build x86_64 to showcase that container build is working at all --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3fd480a2..80c20990 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -66,7 +66,7 @@ jobs: with: context: . tags: 'ci/hdm:${{ github.sha }}' - platforms: linux/amd64,linux/arm64 + platforms: linux/amd64 push: false - name: Run Trivy vulnerability scanner From 467e72ba449100f8adcff4ac18cb6699681520b0 Mon Sep 17 00:00:00 2001 
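Review bot: Replacing the full commit pin `6cc48dfef0d27070922d8adbd661884de1dd45c8` with the floating tag `@v1` on the `uses:` line means the code that receives `secrets.GITHUB_TOKEN` with `packages: write` can change without any change in this repository, because a tag can be moved. The usual compromise is to keep the SHA and note the version in a comment, `- uses: voxpupuli/gha-build-and-publish-a-container@<commit-sha>  # v1`, and let Dependabot or Renovate bump the SHA when a new release appears. The `permissions:` block above the hunk is unchanged, so the token scope stays as before.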
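Review bot: After narrowing `platforms:` back to `linux/amd64` in ci.yaml, the `Set up QEMU` step earlier in this job no longer serves a purpose and can be dropped; the buildx step is still needed by `docker/build-push-action@v5`. The single-platform build also makes `load: true` possible on this step, which would put `ci/hdm:${{ github.sha }}` into the local daemon so the `Run Trivy vulnerability scanner` step below the hunk can find it (with `push: false` alone, buildx keeps the result in its cache). Suggested lines: `platforms: linux/amd64` followed by `load: true`. The job's earlier steps lie outside the hunk.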
From: Robert Waffen Date: Wed, 20 Sep 2023 15:46:23 +0200 Subject: [PATCH 7/7] disable container scanning --- .github/workflows/ci.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 80c20990..521ec75f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -65,18 +65,18 @@ jobs: uses: docker/build-push-action@v5 with: context: . - tags: 'ci/hdm:${{ github.sha }}' + # tags: 'ci/hdm:${{ github.sha }}' platforms: linux/amd64 push: false - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: 'ci/hdm:${{ github.sha }}' - format: 'sarif' - output: 'trivy-results.sarif' + # - name: Run Trivy vulnerability scanner + # uses: aquasecurity/trivy-action@master + # with: + # image-ref: 'ci/hdm:${{ github.sha }}' + # format: 'sarif' + # output: 'trivy-results.sarif' - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'trivy-results.sarif' + # - name: Upload Trivy scan results to GitHub Security tab + # uses: github/codeql-action/upload-sarif@v2 + # with: + # sarif_file: 'trivy-results.sarif'
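Review bot: Commenting out the Trivy scan and the SARIF upload removes the vulnerability scan this workflow ran, with no note on why or when it comes back, and the commented-out `tags:` line leaves the build producing an unnamed image. If the scan failed because the image was not in the local daemon after a buildx build, `load: true` on the build step restores it without deleting the scan; otherwise keep the steps live and add a dated comment above them, e.g. `# TODO(<date>): scan disabled because <reason>; re-enable once <condition>`. When re-enabled, `aquasecurity/trivy-action@master` should be pinned to a release or commit rather than a branch head, in line with the SHA pins used elsewhere in these workflows.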