mirror
/
dex
mirror of https://github.com/dexidp/dex.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

ci: new docker image build 

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
pull/2474/head
Mark Sagi-Kazar 4 years ago
parent
783a7621e0
commit
0f5481a00a
No known key found for this signature in database
GPG Key ID: 31AB0439F4C5C90E
1 changed files with 112 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 112
      .github/workflows/artifacts.yaml

112
.github/workflows/artifacts.yaml
Unescape View File

@ -0,0 +1,112 @@
name: Artifacts
on:
push:
branches:
- master
tags:
- v[0-9]+.[0-9]+.[0-9]+
pull_request:
jobs:
container-images:
name: Container images
runs-on: ubuntu-latest
strategy:
matrix:
platform:
- linux/amd64
- linux/arm/v7
- linux/arm64
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Calculate container image details
id: details
env:
CONTAINER_IMAGES: "ghcr.io/dexidp/dex dexidp/dex"
run: |
case $GITHUB_REF in
refs/tags/*) VERSION=${GITHUB_REF#refs/tags/};;
refs/heads/*) VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g');;
refs/pull/*) VERSION=pr-${{ github.event.number }};;
*) VERSION=sha-${GITHUB_SHA::8};;
esac
TAGS=()
for image in $CONTAINER_IMAGES; do
TAGS+=("${image}:${VERSION}")
if [[ "${{ github.event.repository.default_branch }}" == "$VERSION" ]]; then
TAGS+=("${image}:latest")
fi
done
echo ::set-output name=version::${VERSION}
echo ::set-output name=tags::$(IFS=,; echo "${TAGS[*]}")
echo ::set-output name=commit_hash::${GITHUB_SHA::8}
echo ::set-output name=build_date::$(git show -s --format=%cI)
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
with:
platforms: all
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ github.token }}
if: github.event_name == 'push'
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
if: github.event_name == 'push'
- name: Build and push
uses: docker/build-push-action@v2
with:
context: .
platforms: ${{ matrix.platform }}
cache-from: type=gha
cache-to: type=gha,mode=max
push: ${{ github.event_name == 'push' }}
tags: ${{ steps.details.outputs.tags }}
build-args: |
VERSION=${{ steps.details.outputs.version }}
COMMIT_HASH=${{ steps.details.outputs.commit_hash }}
BUILD_DATE=${{ steps.details.outputs.build_date }}
labels: |
org.opencontainers.image.title=${{ github.event.repository.name }}
org.opencontainers.image.description=${{ github.event.repository.description }}
org.opencontainers.image.url=${{ github.event.repository.html_url }}
org.opencontainers.image.source=${{ github.event.repository.clone_url }}
org.opencontainers.image.version=${{ steps.details.outputs.version }}
org.opencontainers.image.created=${{ steps.details.outputs.build_date }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
org.opencontainers.image.documentation=https://dexidp.io/docs/
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.2.3
with:
image-ref: "ghcr.io/dexidp/dex:${{ steps.details.outputs.version }}"
format: "template"
template: "@/contrib/sarif.tpl"
output: "trivy-results.sarif"
if: github.event_name == 'push'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: "trivy-results.sarif"
if: github.event_name == 'push'
Write Preview
Loading…
Cancel
Save