Merge pull request #2487 from dexidp/revert-docker-matrix

Build multi-platform images in a single build job
4 years ago · 27fb1cf3bd
1 changed files with 4 additions and 32 deletions
--- a/.github/workflows/artifacts.yaml
+++ b/.github/workflows/artifacts.yaml
@ -14,15 +14,9 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        platform:
-          - linux/amd64
-          - linux/arm/v7
-          - linux/arm64
        variant:
          - alpine
          - distroless
-    outputs:
-      version: ${{ steps.details.outputs.version }}

    steps:
      - name: Checkout
@ -62,7 +56,7 @@ jobs:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
        with:
-          platforms: arm64,arm
+          platforms: all

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
@ -86,7 +80,7 @@ jobs:
        uses: docker/build-push-action@v2
        with:
          context: .
-          platforms: ${{ matrix.platform }}
+          platforms: linux/amd64,linux/arm/v7,linux/arm64
          cache-from: type=gha
          cache-to: type=gha,mode=max
          push: ${{ github.event_name == 'push' }}
@ -107,38 +101,16 @@ jobs:
            org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
            org.opencontainers.image.documentation=https://dexidp.io/docs/

-  container-scan:
-    name: Container scan
-    runs-on: ubuntu-latest
-    needs: container-images
-    if: github.event_name == 'push'
-    strategy:
-      matrix:
-        variant:
-          - alpine
-          - distroless
-
-    steps:
-      # Workaround for lack of matrix output support
-      - name: Calculate container image details
-        id: details
-        run: |
-          VERSION="${{ needs.container-images.outputs.version }}"
-
-          if [[ "${{ matrix.variant }}" != "alpine" ]]; then
-            VERSION="${VERSION}-${{ matrix.variant }}"
-          fi
-
-          echo ::set-output name=version::${VERSION}
-
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.2.5
        with:
          image-ref: "ghcr.io/dexidp/dex:${{ steps.details.outputs.version }}"
          format: "sarif"
          output: "trivy-results.sarif"
+        if: github.event_name == 'push'

      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: "trivy-results.sarif"
+        if: github.event_name == 'push'