mirror of https://github.com/dexidp/dex.git
Mark Sagi-Kazar
4 years ago
1 changed files with 112 additions and 0 deletions
@ -0,0 +1,112 @@
|
||||
name: Artifacts |
||||
|
||||
on: |
||||
push: |
||||
branches: |
||||
- master |
||||
tags: |
||||
- v[0-9]+.[0-9]+.[0-9]+ |
||||
pull_request: |
||||
|
||||
jobs: |
||||
container-images: |
||||
name: Container images |
||||
runs-on: ubuntu-latest |
||||
strategy: |
||||
matrix: |
||||
platform: |
||||
- linux/amd64 |
||||
- linux/arm/v7 |
||||
- linux/arm64 |
||||
|
||||
steps: |
||||
- name: Checkout |
||||
uses: actions/checkout@v3 |
||||
|
||||
- name: Calculate container image details |
||||
id: details |
||||
env: |
||||
CONTAINER_IMAGES: "ghcr.io/dexidp/dex dexidp/dex" |
||||
run: | |
||||
case $GITHUB_REF in |
||||
refs/tags/*) VERSION=${GITHUB_REF#refs/tags/};; |
||||
refs/heads/*) VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g');; |
||||
refs/pull/*) VERSION=pr-${{ github.event.number }};; |
||||
*) VERSION=sha-${GITHUB_SHA::8};; |
||||
esac |
||||
|
||||
TAGS=() |
||||
for image in $CONTAINER_IMAGES; do |
||||
TAGS+=("${image}:${VERSION}") |
||||
|
||||
if [[ "${{ github.event.repository.default_branch }}" == "$VERSION" ]]; then |
||||
TAGS+=("${image}:latest") |
||||
fi |
||||
done |
||||
|
||||
echo ::set-output name=version::${VERSION} |
||||
echo ::set-output name=tags::$(IFS=,; echo "${TAGS[*]}") |
||||
echo ::set-output name=commit_hash::${GITHUB_SHA::8} |
||||
echo ::set-output name=build_date::$(git show -s --format=%cI) |
||||
|
||||
- name: Set up QEMU |
||||
uses: docker/setup-qemu-action@v1 |
||||
with: |
||||
platforms: all |
||||
|
||||
- name: Set up Docker Buildx |
||||
uses: docker/setup-buildx-action@v1 |
||||
|
||||
- name: Login to GitHub Container Registry |
||||
uses: docker/login-action@v1 |
||||
with: |
||||
registry: ghcr.io |
||||
username: ${{ github.repository_owner }} |
||||
password: ${{ github.token }} |
||||
if: github.event_name == 'push' |
||||
|
||||
- name: Login to Docker Hub |
||||
uses: docker/login-action@v1 |
||||
with: |
||||
username: ${{ secrets.DOCKER_USERNAME }} |
||||
password: ${{ secrets.DOCKER_PASSWORD }} |
||||
if: github.event_name == 'push' |
||||
|
||||
- name: Build and push |
||||
uses: docker/build-push-action@v2 |
||||
with: |
||||
context: . |
||||
platforms: ${{ matrix.platform }} |
||||
cache-from: type=gha |
||||
cache-to: type=gha,mode=max |
||||
push: ${{ github.event_name == 'push' }} |
||||
tags: ${{ steps.details.outputs.tags }} |
||||
build-args: | |
||||
VERSION=${{ steps.details.outputs.version }} |
||||
COMMIT_HASH=${{ steps.details.outputs.commit_hash }} |
||||
BUILD_DATE=${{ steps.details.outputs.build_date }} |
||||
labels: | |
||||
org.opencontainers.image.title=${{ github.event.repository.name }} |
||||
org.opencontainers.image.description=${{ github.event.repository.description }} |
||||
org.opencontainers.image.url=${{ github.event.repository.html_url }} |
||||
org.opencontainers.image.source=${{ github.event.repository.clone_url }} |
||||
org.opencontainers.image.version=${{ steps.details.outputs.version }} |
||||
org.opencontainers.image.created=${{ steps.details.outputs.build_date }} |
||||
org.opencontainers.image.revision=${{ github.sha }} |
||||
org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }} |
||||
org.opencontainers.image.documentation=https://dexidp.io/docs/ |
||||
|
||||
- name: Run Trivy vulnerability scanner |
||||
uses: aquasecurity/trivy-action@0.2.3 |
||||
with: |
||||
image-ref: "ghcr.io/dexidp/dex:${{ steps.details.outputs.version }}" |
||||
format: "template" |
||||
template: "@/contrib/sarif.tpl" |
||||
output: "trivy-results.sarif" |
||||
if: github.event_name == 'push' |
||||
|
||||
- name: Upload Trivy scan results to GitHub Security tab |
||||
uses: github/codeql-action/upload-sarif@v1 |
||||
with: |
||||
sarif_file: "trivy-results.sarif" |
||||
if: github.event_name == 'push' |
||||
Loading…
Reference in new issue