Replace deprecated MAINTAINER with LABEL in Dockerfiles (#949) #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker image for Goss | |
| on: | |
| push: | |
| branches: | |
| - master | |
| tags: | |
| - "v*" | |
| workflow_dispatch: | |
| env: | |
| PLATFORMS: "linux/amd64,linux/arm64" | |
| jobs: | |
| goss: | |
| name: Build and push Docker image | |
| runs-on: ubuntu-latest | |
| permissions: | |
| packages: write | |
| contents: read | |
| security-events: write # To upload Trivy sarif files | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/${{ github.repository_owner }}/goss | |
| - name: Get latest git tag | |
| uses: actions-ecosystem/action-get-latest-tag@v1 | |
| id: get-latest-tag | |
| - name: Set short git commit SHA | |
| run: | | |
| calculatedSha=$(git rev-parse --short ${{ github.sha }}) | |
| echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV | |
| - name: Get the current version of Go from project. | |
| run: echo "GO_VERSION_FROM_PROJECT=$(go mod edit -json | jq -r .Go)" >> $GITHUB_ENV | |
| - name: Build master goss image | |
| if: github.ref_name == 'master' | |
| uses: docker/build-push-action@v5 | |
| with: | |
| build-args: | | |
| GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }} | |
| GOSS_VERSION=${{ steps.get-latest-tag.outputs.tag }}-${{ github.ref_name }}+${{ env.COMMIT_SHORT_SHA }} | |
| context: . | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/goss:master | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: ${{ env.PLATFORMS }} | |
| - name: Build release goss image | |
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') | |
| uses: docker/build-push-action@v5 | |
| with: | |
| build-args: | | |
| GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }} | |
| GOSS_VERSION=${{ github.ref_name }} | |
| context: . | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/goss:latest | |
| ghcr.io/${{ github.repository_owner }}/goss:${{ github.ref_name }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: ${{ env.PLATFORMS }} | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ghcr.io/${{ github.repository_owner }}/goss:master | |
| format: "sarif" | |
| output: "trivy-results.sarif" | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: "trivy-results.sarif" |