Bump golang.org/x/crypto from 0.29.0 to 0.30.0 in /api #850
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker builds | |
on: | |
pull_request: | |
branches: [master] | |
push: | |
branches: [master] | |
tags: | |
- v* | |
schedule: | |
- cron: '18 1 * * 4' | |
env: | |
DOCKER_USERNAME: kkoval | |
DOCKER_IMAGE: kkoval/photoview | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
PLATFORMS: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 | |
jobs: | |
prepare: | |
name: Get latest tag | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Prepare the Matrix | |
id: prepare_matrix | |
shell: bash | |
run: | | |
case ${{ github.event_name }} in | |
pull_request) | |
echo Event is ${{ github.event_name }} | |
echo 'tags=[{"tag": "", "ref": "${{ github.ref }}"}]' | tee -a $GITHUB_OUTPUT | |
;; | |
push) | |
echo Event is ${{ github.event_name }} | |
echo 'tags=[{"tag": "${{ github.ref_name }}", "ref": "${{ github.ref }}"}]' | tee -a $GITHUB_OUTPUT | |
;; | |
schedule) | |
echo Event is ${{ github.event_name }} | |
git fetch --all | |
TAG=$(git describe --tags --abbrev=0 || exit 0) | |
echo TAG = $TAG | |
if [ -z "$TAG" ]; then | |
echo 'tags=[{"tag": "${{ github.ref_name }}", "ref": "${{ github.ref }}"}]' | tee -a $GITHUB_OUTPUT | |
else | |
echo 'tags=[{"tag": "${{ github.ref_name }}", "ref": "${{ github.ref }}"}, {"tag": "$TAG", "ref": "$(git show-ref --tags -d | grep "/$TAG$" | cut -d ' ' -f 2)"}]' | tee -a $GITHUB_OUTPUT | |
fi | |
;; | |
*) | |
echo "Run for '${{ github.event_name }}' is not expected" | |
echo 'tags=[{"tag": "", "ref": "${{ github.ref }}"}]' | tee -a $GITHUB_OUTPUT | |
;; | |
esac | |
outputs: | |
tags: ${{ steps.prepare_matrix.outputs.tags }} | |
build: | |
name: Build Docker Image | |
runs-on: ubuntu-latest | |
needs: prepare | |
strategy: | |
fail-fast: false | |
matrix: | |
tags: ${{ fromJson(needs.prepare.outputs.tags) }} | |
steps: | |
- name: Checkout ${{ matrix.tags.ref }} | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ matrix.tags.ref }} | |
- name: Fetch branches | |
run: git fetch --all | |
- name: Hadolint report for Sonar | |
uses: hadolint/[email protected] | |
with: | |
dockerfile: Dockerfile | |
config: ${{ github.workspace }}/.hadolint.yaml | |
output-file: ${{ github.workspace }}/hadolint.json | |
format: json | |
failure-threshold: ignore | |
- name: SonarCloud Scan | |
uses: SonarSource/sonarcloud-github-action@master | |
if: github.repository == 'kkovaletp/photoview' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_DOCKER }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
with: | |
platforms: ${{ env.PLATFORMS }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Docker Login | |
if: github.event_name != 'pull_request' && github.repository == 'kkovaletp/photoview' | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Docker meta | |
id: docker_meta | |
uses: docker/metadata-action@v5 | |
with: | |
# list of Docker images to use as base name for tags | |
images: ${{ env.DOCKER_IMAGE }} | |
# Docker tags based on the following events/attributes | |
tags: | | |
type=schedule | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern={{major}} | |
type=sha | |
- name: Set build args | |
id: vars | |
run: | | |
echo "BUILD_DATE=$(date +%Y-%m-%d)" >> $GITHUB_OUTPUT | |
echo "VERSION=kkoval-2-$(date +%Y-%m-%d)" >> $GITHUB_OUTPUT | |
- name: Build and Push | |
id: docker_buildx | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
sbom: true | |
provenance: mode=max | |
platforms: ${{ env.PLATFORMS }} | |
push: ${{ github.event_name != 'pull_request' && github.repository == 'kkovaletp/photoview' }} | |
tags: ${{ steps.docker_meta.outputs.tags }} | |
labels: ${{ steps.docker_meta.outputs.labels }} | |
annotations: ${{ steps.docker_meta.outputs.annotations }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
build-args: | | |
BUILD_DATE=${{ steps.vars.outputs.BUILD_DATE }} | |
REACT_APP_BUILD_DATE=${{ steps.vars.outputs.BUILD_DATE }} | |
VERSION=${{ steps.vars.outputs.VERSION }} | |
REACT_APP_BUILD_VERSION=${{ steps.vars.outputs.VERSION }} | |
COMMIT_SHA=${{ github.sha }} | |
REACT_APP_BUILD_COMMIT_SHA=${{ github.sha }} | |
dockle: | |
name: Dockle Container Analysis | |
runs-on: ubuntu-latest | |
needs: | |
- prepare | |
- build | |
strategy: | |
fail-fast: false | |
matrix: | |
tags: ${{ fromJson(needs.prepare.outputs.tags) }} | |
if: ${{ github.repository == 'kkovaletp/photoview' && github.event_name != 'pull_request' }} | |
steps: | |
# Makes sure your .dockleignore file is available to the next step | |
- name: Checkout ${{ matrix.tags.ref }} | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ matrix.tags.ref }} | |
- name: Docker Login | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ env.DOCKER_USERNAME }} | |
password: ${{ env.DOCKER_PASSWORD }} | |
- name: Run Dockle for 'kkoval/photoview:${{ matrix.tags.tag }}' | |
id: dockle | |
if: ${{ matrix.tags.tag != '' }} | |
uses: erzz/dockle-action@v1 | |
with: | |
image: kkoval/photoview:${{ matrix.tags.tag }} | |
report-name: dockle-results-${{ matrix.tags.tag }} | |
report-format: sarif | |
failure-threshold: fatal | |
exit-code: 1 | |
timeout: 5m | |
- name: Upload SARIF file | |
if: ${{ steps.dockle.conclusion == 'success' || steps.dockle.conclusion == 'failure' }} | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: dockle-results-${{ matrix.tags.tag }}.sarif |