This repository has been archived by the owner on Jul 3, 2024. It is now read-only.

CD #725

Summary
Jobs
- CentOS (7)
Run details
- Usage
- Workflow file

Workflow file for this run

	name: CD

	on:
	push:
	branches: [master]
	schedule:
	- cron: '30 3 * * *'
	workflow_dispatch:
	inputs:
	force_rebuild:
	description: 'Force container rebuild'
	required: true
	type: choice
	options: [yes, no]

	permissions:
	packages: write
	contents: read

	jobs:
	CentOS:
	name: CentOS
	runs-on: ubuntu-latest
	timeout-minutes: 10

	strategy:
	matrix:
	version: [ '7' ]

	steps:
	- name: Login to DockerHub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Check for rebuild
	id: update_check
	continue-on-error: true
	run : \|
	# [update-check]

	echo -e "::group::\033[34mChecking for packages updates…\033[0m"

	if [[ "${{ github.event.inputs.force_rebuild }}" == "true" ]] ; then
	echo "::warning::Rebuild ${{matrix.version}} (reason: forced rebuild)"
	echo "build=true" >> $GITHUB_OUTPUT
	exit 0
	else
	if ! docker pull ${{github.repository}}:${{matrix.version}} ; then
	echo "::warning::Rebuild ${{matrix.version}} (reason: new image)"
	echo "build=true" >> $GITHUB_OUTPUT
	exit 0
	fi

	if ! docker run --rm ${{github.repository}}:${{ matrix.version }} yum check-update ; then
	echo "::warning::Rebuild ${{matrix.version}} (reason: packages update)"
	echo "build=true" >> $GITHUB_OUTPUT
	exit 0
	fi
	fi

	echo "::endgroup::"

	echo -e "::group::\033[34mChecking for rebuilt base image…\033[0m"

	docker pull centos:${{matrix.version}}

	orig_dig=$(docker inspect "centos:${{matrix.version}}" \| jq -r '.[0].RootFS.Layers[0]')
	our_dig=$(docker inspect "${{github.repository}}:${{matrix.version}}" \| jq -r '.[0].RootFS.Layers[0]')

	echo ""
	echo "Original: ${orig_dig}"
	echo "Our: ${our_dig}"

	if [[ "$orig_dig" != "$our_dig" ]] ; then
	echo "::warning::Rebuild ${{matrix.version}} (reason: rebuilt base image)"
	echo "build=true" >> $GITHUB_OUTPUT
	exit 0
	fi

	echo "::endgroup::"

	- name: Checkout
	if: ${{ steps.update_check.outputs.build == 'true' }}
	uses: actions/checkout@v4

	- name: Set build context
	if: ${{ steps.update_check.outputs.build == 'true' }}
	id: build_context
	run: \|
	echo "dockerfile=centos${{matrix.version}}.docker" >> $GITHUB_OUTPUT

	- name: Rebuild and push image
	if: ${{ steps.update_check.outputs.build == 'true' }}
	uses: docker/build-push-action@v5
	with:
	context: .
	file: ${{ steps.build_context.outputs.dockerfile }}
	push: true
	tags: \|
	ghcr.io/${{github.repository}}:${{matrix.version}}
	${{github.repository}}:${{matrix.version}}

	- name: Show info about images
	uses: essentialkaos/docker-info-action@v1
	with:
	image: ${{github.repository}}:${{matrix.version}}

	- name: Scan final image with Trivy
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: 'ghcr.io/${{github.repository}}:${{matrix.version}}'
	format: 'table'
	ignore-unfixed: true
	severity: 'LOW,MEDIUM,HIGH,CRITICAL'
	scanners: 'vuln'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CD #725

Workflow file

CD #725

Jobs

Run details

Workflow file for this run