chore(deps): bump actions/download-artifact from 2 to 4.1.7 in /.github/workflows #58

Workflow file for this run

	name: Docker image CI
	on: [push, pull_request]

	env:
	packer_version: '1.7.3'
	image_name: 'packer-ansible'

	jobs:
	lint:
	name: Lint Dockerfile
	runs-on: ubuntu-18.04
	steps:
	- name: Checkout
	uses: actions/checkout@v2
	- uses: hadolint/[email protected]
	with:
	dockerfile: Dockerfile

	build:
	name: Image build
	needs: lint
	runs-on: ubuntu-18.04
	steps:
	- name: Checkout code
	uses: actions/checkout@v2
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v1
	- name: Build and export
	uses: docker/build-push-action@v2
	with:
	context: .
	tags: ${{ env.image_name }}
	outputs: type=docker,dest=/tmp/${{ env.image_name }}.tar
	- name: Upload artifact
	uses: actions/upload-artifact@v2
	with:
	name: ${{ env.image_name }}
	path: /tmp/${{ env.image_name }}.tar

	scan:
	name: Image scan
	needs: build
	runs-on: ubuntu-18.04
	continue-on-error: true
	steps:
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v1
	- name: Download artifact
	uses: actions/[email protected]
	with:
	name: ${{ env.image_name }}
	path: /tmp
	- name: Load image
	run: \|
	docker load --input /tmp/${{ env.image_name }}.tar
	- name: Scan Image with Trivy
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: '${{ env.image_name }}'
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	# Skip scan inside ansible collections dir
	skip-dirs: 'usr/lib/python3.9/site-packages/ansible_collections/'

	test:
	name: Image test
	needs: build
	runs-on: ubuntu-18.04
	steps:
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v1
	- name: Download artifact
	uses: actions/[email protected]
	with:
	name: ${{ env.image_name }}
	path: /tmp
	- name: Load image
	run: \|
	docker load --input /tmp/${{ env.image_name }}.tar
	- name: Test container execution
	run: \|
	docker run ${{ env.image_name }} version \| grep 'Packer v${{ env.packer_version }}'

	push:
	name: Publish image on dockerhub
	if: startsWith(github.ref, 'refs/tags/v')
	needs: [scan, test]
	runs-on: ubuntu-18.04
	steps:
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v1
	- name: Login DockerHub
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	- name: Set output
	id: vars
	run: echo "::set-output name=tag::${GITHUB_REF#refs/*/}"
	- name: Build and Push
	id: docker_build
	uses: docker/build-push-action@v2
	with:
	push: true
	tags: "mdmansur/${{ env.image_name }}:${{ steps.vars.outputs.tag }}"
	build-args: \|
	PACKER_VERSION=${{ env.packer_version }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump actions/download-artifact from 2 to 4.1.7 in /.github/workflows #58

Workflow file

chore(deps): bump actions/download-artifact from 2 to 4.1.7 in /.github/workflows #58

Jobs

Run details

Workflow file for this run