Docker Build #1504
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker Build | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| schedule: | |
| - cron: '42 2 * * 2' | |
| jobs: | |
| docker-build-ci-builder: | |
| name: docker build ci-builder | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.10.2 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/ci-builder:${{ github.sha }} --load ci-builder/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/ci-builder:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/ci-builder:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/ci-builder:${{ github.sha }} --push ci-builder/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/ci-builder:${{ github.sha }} --push ci-builder/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/ci-builder:latest \ | |
| ghcr.io/hairyhenderson/ci-builder:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/ci-builder:latest \ | |
| hairyhenderson/ci-builder:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-dockerfiles-builder: | |
| name: docker build dockerfiles-builder | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.10.2 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/dockerfiles-builder:${{ github.sha }} --load dockerfiles-builder/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/dockerfiles-builder:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/dockerfiles-builder:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/dockerfiles-builder:${{ github.sha }} --push dockerfiles-builder/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/dockerfiles-builder:${{ github.sha }} --push dockerfiles-builder/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/dockerfiles-builder:latest \ | |
| ghcr.io/hairyhenderson/dockerfiles-builder:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/dockerfiles-builder:latest \ | |
| hairyhenderson/dockerfiles-builder:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-figlet: | |
| name: docker build figlet | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.10.2 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/figlet:${{ github.sha }} --load figlet/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/figlet:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/figlet:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/figlet:${{ github.sha }} --push figlet/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/figlet:${{ github.sha }} --push figlet/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/figlet:latest \ | |
| ghcr.io/hairyhenderson/figlet:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/figlet:latest \ | |
| hairyhenderson/figlet:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-golang-air: | |
| name: docker build golang-air | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.10.2 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/golang-air:${{ github.sha }} --load golang-air/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/golang-air:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/golang-air:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/golang-air:${{ github.sha }} --push golang-air/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/golang-air:${{ github.sha }} --push golang-air/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/golang-air:latest \ | |
| ghcr.io/hairyhenderson/golang-air:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/golang-air:latest \ | |
| hairyhenderson/golang-air:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-gomplate-ci-build: | |
| name: docker build gomplate-ci-build | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.10.2 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --build-arg GO_VERSION=1.20 --tag ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }} --load gomplate-ci-build/ | |
| docker buildx build --build-arg GO_VERSION=1.19 --tag ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }} --load gomplate-ci-build/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64 | |
| docker buildx build --build-arg GO_VERSION=1.20 \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }} --push gomplate-ci-build/ | |
| docker buildx build --build-arg GO_VERSION=1.20 \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/gomplate-ci-build:${{ github.sha }} --push gomplate-ci-build/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/gomplate-ci-build:1.20 \ | |
| ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/gomplate-ci-build:1.20 \ | |
| hairyhenderson/gomplate-ci-build:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/gomplate-ci-build:latest \ | |
| ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/gomplate-ci-build:latest \ | |
| hairyhenderson/gomplate-ci-build:${{ github.sha }} | |
| docker buildx build --build-arg GO_VERSION=1.19 \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }} --push gomplate-ci-build/ | |
| docker buildx build --build-arg GO_VERSION=1.19 \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/gomplate-ci-build:${{ github.sha }} --push gomplate-ci-build/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/gomplate-ci-build:1.19 \ | |
| ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/gomplate-ci-build:1.19 \ | |
| hairyhenderson/gomplate-ci-build:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-jwt: | |
| name: docker build jwt | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.10.2 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/jwt:${{ github.sha }} --load jwt/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/jwt:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/jwt:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/jwt:${{ github.sha }} --push jwt/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/jwt:${{ github.sha }} --push jwt/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/jwt:latest \ | |
| ghcr.io/hairyhenderson/jwt:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/jwt:latest \ | |
| hairyhenderson/jwt:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-man: | |
| name: docker build man | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.10.2 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/man:${{ github.sha }} --load man/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/man:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/man:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/man:${{ github.sha }} --push man/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/man:${{ github.sha }} --push man/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/man:latest \ | |
| ghcr.io/hairyhenderson/man:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/man:latest \ | |
| hairyhenderson/man:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-sed: | |
| name: docker build sed | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.10.2 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/sed:${{ github.sha }} --load sed/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/sed:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/sed:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/sed:${{ github.sha }} --push sed/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/sed:${{ github.sha }} --push sed/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/sed:latest \ | |
| ghcr.io/hairyhenderson/sed:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/sed:latest \ | |
| hairyhenderson/sed:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-socat: | |
| name: docker build socat | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.10.2 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/socat:${{ github.sha }} --load socat/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/socat:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/socat:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/socat:${{ github.sha }} --push socat/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/socat:${{ github.sha }} --push socat/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/socat:latest \ | |
| ghcr.io/hairyhenderson/socat:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/socat:latest \ | |
| hairyhenderson/socat:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-ssh: | |
| name: docker build ssh | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.10.2 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/ssh:${{ github.sha }} --load ssh/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/ssh:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/ssh:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/ssh:${{ github.sha }} --push ssh/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/ssh:${{ github.sha }} --push ssh/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/ssh:latest \ | |
| ghcr.io/hairyhenderson/ssh:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/ssh:latest \ | |
| hairyhenderson/ssh:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' |