Skip to content

Add support for component's category attribute (#471) #1388

Add support for component's category attribute (#471)

Add support for component's category attribute (#471) #1388

Workflow file for this run

# Copyright © Michal Čihař <[email protected]>
#
# SPDX-License-Identifier: GPL-3.0-or-later
name: Docker Image CI
on:
push:
branches-ignore:
- renovate/**
tags:
- '*'
pull_request:
jobs:
build:
runs-on: ubuntu-22.04
name: Build, ${{ matrix.architecture }}
strategy:
matrix:
architecture: [linux/amd64]
env:
MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
steps:
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
- name: Set up Docker Buildx
uses: docker/[email protected]
- name: Cache Docker layers
uses: actions/cache@v3
id: cache
with:
path: /tmp/.buildx-cache/${{ matrix.architecture }}
key: ${{ runner.os }}-buildx-${{ github.sha }}-${{ matrix.architecture }}
- name: Configure Docker build
run: .github/bin/get-buildx-args
- name: Build the Docker image
run: docker buildx build $(.github/bin/get-buildx-args)
buildx:
runs-on: ubuntu-22.04
name: Build, ${{ matrix.architecture }}
strategy:
matrix:
architecture: [linux/arm/v7, linux/arm64]
env:
MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
steps:
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
- name: Set up QEMU
uses: docker/[email protected]
with:
platforms: ${{ matrix.architecture }}
- name: Set up Docker Buildx
uses: docker/[email protected]
- name: Cache Docker layers
uses: actions/cache@v3
id: cache
with:
path: /tmp/.buildx-cache/${{ matrix.architecture }}
key: ${{ runner.os }}-buildx-${{ github.sha }}-${{ matrix.architecture }}
- name: Configure Docker build
run: .github/bin/get-buildx-args
- name: Build the Docker image
run: docker buildx build $(.github/bin/get-buildx-args)
test:
runs-on: ubuntu-22.04
name: Test, ${{ matrix.architecture }}
needs: [build]
strategy:
matrix:
architecture: [linux/amd64]
env:
MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
COMPOSE_PROJECT_NAME: wl
steps:
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
- name: Set up Docker Buildx
uses: docker/[email protected]
- name: Cache Docker layers
uses: actions/cache@v3
id: cache
with:
path: /tmp/.buildx-cache/${{ matrix.architecture }}
key: ${{ runner.os }}-buildx-${{ github.sha }}-${{ matrix.architecture }}
- name: Build the Docker image
run: docker buildx build $(.github/bin/get-buildx-args load)
- name: List Docker images
run: docker image ls --all
- name: Test the Docker image
run: docker run --rm weblate/wlc:test version | grep "version"
anchore:
runs-on: ubuntu-22.04
name: Anchore Container Scan, ${{ matrix.architecture }}
needs: [build]
strategy:
matrix:
architecture: [linux/amd64]
env:
MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
steps:
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
- name: Set up Docker Buildx
uses: docker/[email protected]
- name: Cache Docker layers
uses: actions/cache@v3
id: cache
with:
path: /tmp/.buildx-cache/${{ matrix.architecture }}
key: ${{ runner.os }}-buildx-${{ github.sha }}-${{ matrix.architecture }}
- name: Build the Docker image
run: docker buildx build $(.github/bin/get-buildx-args load)
- name: List Docker images
run: docker image ls --all
- name: Checkout the code
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
- name: Anchore scan action
uses: anchore/scan-action@v3
with:
image: weblate/wlc:test
fail-build: false
acs-report-enable: true
severity-cutoff: high
- name: Upload Anchore Scan Report
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
- uses: actions/upload-artifact@v3
with:
name: Anchore scan SARIF
path: results.sarif
trivy:
runs-on: ubuntu-22.04
name: Trivy Container Scan, ${{ matrix.architecture }}
needs: [build]
strategy:
matrix:
architecture: [linux/amd64]
env:
MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
steps:
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
- name: Set up Docker Buildx
uses: docker/[email protected]
- name: Cache Docker layers
uses: actions/cache@v3
id: cache
with:
path: /tmp/.buildx-cache/${{ matrix.architecture }}
key: ${{ runner.os }}-buildx-${{ github.sha }}-${{ matrix.architecture }}
- name: Build the Docker image
run: docker buildx build $(.github/bin/get-buildx-args load)
- name: List Docker images
run: docker image ls --all
- name: Checkout the code
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
- name: Run Trivy vulnerability scanner
uses: aquasecurity/[email protected]
with:
image-ref: weblate/wlc:test
format: template
template: '@/contrib/sarif.tpl'
output: trivy-results.sarif
severity: CRITICAL,HIGH
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: trivy-results.sarif
- uses: actions/upload-artifact@v3
with:
name: Trivy scan SARIF
path: trivy-results.sarif
push_dockerhub:
runs-on: ubuntu-22.04
name: Publish to Docker Hub
needs: [test, anchore, trivy, buildx]
if: ${{ startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main') }}
steps:
- name: Checkout
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
- name: Set up QEMU
uses: docker/[email protected]
with:
platforms: all
- name: Set up Docker Buildx
uses: docker/[email protected]
- name: Cache Docker layers
uses: actions/cache@v3
id: cache-arm64
with:
path: /tmp/.buildx-cache/linux/arm64
key: ${{ runner.os }}-buildx-${{ github.sha }}-linux/arm64
- name: Cache Docker layers
uses: actions/cache@v3
id: cache-arm-v7
with:
path: /tmp/.buildx-cache/linux/arm/v7
key: ${{ runner.os }}-buildx-${{ github.sha }}-linux/arm/v7
- name: Cache Docker layers
uses: actions/cache@v3
id: cache-amd64
with:
path: /tmp/.buildx-cache/linux/amd64
key: ${{ runner.os }}-buildx-${{ github.sha }}-linux/amd64
- name: DockerHub login
run: echo "${{ secrets.DOCKERHUB_ACCESS_TOKEN }}" | docker login --username "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin
- name: Configure Docker build
run: .github/bin/get-buildx-args publish
- name: Publish the Docker images
run: docker buildx build $(.github/bin/get-buildx-args publish)
push_github:
runs-on: ubuntu-22.04
name: Publish to GitHub
needs: [test, anchore, trivy, buildx]
if: ${{ startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main') }}
env:
DOCKER_IMAGE: ghcr.io/weblateorg/wlc
steps:
- name: Checkout
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
- name: Set up QEMU
uses: docker/[email protected]
with:
platforms: all
- name: Set up Docker Buildx
uses: docker/[email protected]
- name: Cache Docker layers
uses: actions/cache@v3
id: cache-arm64
with:
path: /tmp/.buildx-cache/linux/arm64
key: ${{ runner.os }}-buildx-${{ github.sha }}-linux/arm64
- name: Cache Docker layers
uses: actions/cache@v3
id: cache-arm-v7
with:
path: /tmp/.buildx-cache/linux/arm/v7
key: ${{ runner.os }}-buildx-${{ github.sha }}-linux/arm/v7
- name: Cache Docker layers
uses: actions/cache@v3
id: cache-amd64
with:
path: /tmp/.buildx-cache/linux/amd64
key: ${{ runner.os }}-buildx-${{ github.sha }}-linux/amd64
- name: Login to GitHub Container Registry
if: ${{ github.event_name != 'pull_request'}}
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Configure Docker build
run: .github/bin/get-buildx-args publish
- name: Publish the Docker images
run: docker buildx build $(.github/bin/get-buildx-args publish)