Merge pull request #40 from wesley-dean-flexion/annotate

Add Quay, meta, labels
wesley-dean-flexion · Mar 12, 2024 · 5219175 · 5219175
2 parents 35a38ff + d7fcaa2
commit 5219175
Show file tree

Hide file tree

Showing 3 changed files with 69 additions and 9 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -1,10 +1,13 @@
 ---
-name: Publish
+name: Publish Release
 
 # yamllint disable-line rule:truthy
 on:
   push:
-    branches: [main, master]
+    branches:
+      - "main"
+    tags:
+      - "v*"
   workflow_dispatch:
 
 permissions: read-all
@@ -22,38 +25,96 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # pin@v2
 
+      - name: GHCR Secret Check
+        id: ghcr-secret
+        shell: bash
+        run: |
+          if [ "${{ secrets.GHCR_USERNAME }}" != "" ] && [ "${{ secrets.GHCR_PAT }}" != "" ] ; then
+            echo "ghcr=true" >> $GITHUB_OUTPUT
+          else
+            echo "ghcr=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: DockerHub Secret Check
+        id: dockerhub-secret
+        shell: bash
+        run: |
+          if [ "${{ secrets.DOCKERHUB_USERNAME }}" != "" ] && [ "${{ secrets.DOCKERHUB_PAT }}" != "" ] ; then
+            echo "dockerhub=true" >> $GITHUB_OUTPUT
+          else
+            echo "dockerhub=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Quay Secret Check
+        id: quay-secret
+        shell: bash
+        run: |
+          if [ "${{ secrets.QUAY_USERNAME }}" != "" ] && [ "${{ secrets.QUAY_PAT }}" != "" ] ; then
+            echo "quay=true" >> $GITHUB_OUTPUT
+          else
+            echo "quay=false" >> $GITHUB_OUTPUT
+          fi
+
       - name: Login to GitHub Packages
         uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # pin@v2
+        if: ${{ steps.ghcr-secret.outputs.ghcr == 'true' }}
         with:
           username: ${{ secrets.GHCR_USERNAME }}
           password: ${{ secrets.GHCR_PAT }}
           registry: ghcr.io
 
       - name: Login to Dockerhub
         uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # pin@v2
+        if: ${{ steps.dockerhub-secret.outputs.dockerhub == 'true' }}
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PAT }}
           registry: registry.hub.docker.com
 
+      - name: Login to Quay
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # pin@v2
+        if: ${{ steps.quay-secret.outputs.quay == 'true' }}
+        with:
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PAT }}
+          registry: quay.io
+
+      - name: Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            name=registry.hub.docker.com/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }},enable=${{ steps.dockerhub-secret.outputs.dockerhub == 'true' }}
+            name=ghcr.io/${{ secrets.GHCR_USERNAME }}/${{ github.event.repository.name }},enable=${{ steps.ghcr-secret.outputs.ghcr == 'true' }}
+            name=quay.io/${{ secrets.QUAY_USERNAME }}/${{ github.event.repository.name }},enable=${{ steps.quay-secret.outputs.quay == 'true' }}
+          tags: |
+            type=sha
+            type=sha,format=long
+            type=edge,branch=main
+            type=semver,pattern={{version}},enable=${{ github.event_name == 'release' }}
+            type=semver,pattern={{major}},enable=${{ github.event_name == 'release' }}
+            type=semver,pattern={{major}}.{{minor}},enable=${{ github.event_name == 'release' }}
+            type=raw,value=latest,enable=${{ github.event_name == 'release' }}
+
       - name: Build and push
         uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # pin@v4
         with:
           push: true
-          platforms: linux/amd64,linux/arm64
-          tags: |
-            ghcr.io/${{ secrets.GHCR_USERNAME }}/${{ github.event.repository.name }}:latest
-            registry.hub.docker.com/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:latest
+          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
 
       - name: update DockerHub description
         uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # pin@v3
+        if: ${{ steps.dockerhub-secret.outputs.dockerhub == 'true' }}
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PAT }}
           repository: ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}
 
       - name: update SBOM
         uses: anchore/sbom-action@9fece9e20048ca9590af301449208b2b8861333b # pin@v0
+        if: ${{ steps.ghcr-secret.outputs.ghcr == 'true' }}
         with:
           image: ghcr.io/${{ secrets.GHCR_USERNAME }}/${{ github.event.repository.name }}:latest
           registry-username: ${{ secrets.GHCR_USERNAME }}

diff --git a/.gitignore b/.gitignore
@@ -5,3 +5,5 @@
 *.tmp
 tmp*
 Desktop/
+reports
+megalinter-reports/
diff --git a/Dockerfile b/Dockerfile
@@ -19,6 +19,3 @@ ENTRYPOINT ["/upload_sarif_to_defectdojo.bash"]
 HEALTHCHECK NONE
 
 USER "${RUNNER}"
-
-LABEL org.opencontainers.image.source=https://github.com/wesley-dean-flexion/upload-sarif-to-defectdojo
-LABEL org.opencontainers.image.description="Upload SARIF to Defect Dojo"