mirror of
https://github.com/zabbix/zabbix-docker.git
synced 2024-12-24 15:29:05 +01:00
Prepare universal workflow
This commit is contained in:
parent
390c7d0fe3
commit
173f7fbb4e
31
.github/workflows/dependency-review.yml
vendored
Normal file
31
.github/workflows/dependency-review.yml
vendored
Normal file
@ -0,0 +1,31 @@
|
||||
# Dependency Review Action
|
||||
#
|
||||
# This Action will scan dependency manifest files that change as part of a Pull Request,
|
||||
# surfacing known-vulnerable versions of the packages declared or updated in the PR.
|
||||
# Once installed, if the workflow run is marked as required,
|
||||
# PRs introducing known-vulnerable packages will be blocked from merging.
|
||||
#
|
||||
# Source repository: https://github.com/actions/dependency-review-action
|
||||
name: 'Dependency Review'
|
||||
on: [pull_request]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
dependency-review:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
disable-sudo: true
|
||||
egress-policy: block
|
||||
allowed-endpoints: >
|
||||
api.github.com:443
|
||||
github.com:443
|
||||
|
||||
- name: 'Checkout Repository'
|
||||
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
|
||||
- name: 'Dependency Review'
|
||||
uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1
|
46
.github/workflows/images_build.yml
vendored
46
.github/workflows/images_build.yml
vendored
@ -66,7 +66,7 @@ jobs:
|
||||
github.com:443
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
|
||||
fetch-depth: 1
|
||||
@ -266,7 +266,7 @@ jobs:
|
||||
ziply.mm.fcix.net:443
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
|
||||
fetch-depth: 1
|
||||
@ -280,18 +280,18 @@ jobs:
|
||||
run: cosign version
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v3
|
||||
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
|
||||
with:
|
||||
image: tonistiigi/binfmt:latest
|
||||
platforms: all
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
|
||||
with:
|
||||
driver-opts: image=moby/buildkit:master
|
||||
|
||||
- name: Login to DockerHub
|
||||
uses: docker/login-action@v3
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
@ -313,7 +313,7 @@ jobs:
|
||||
|
||||
- name: Generate tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
with:
|
||||
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ env.BASE_BUILD_NAME }}
|
||||
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
|
||||
@ -330,7 +330,7 @@ jobs:
|
||||
|
||||
- name: Build and publish image
|
||||
id: docker_build
|
||||
uses: docker/build-push-action@v5
|
||||
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||
with:
|
||||
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ env.BASE_BUILD_NAME }}/${{ matrix.os }}
|
||||
file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ env.BASE_BUILD_NAME }}/${{ matrix.os }}/Dockerfile
|
||||
@ -379,7 +379,7 @@ jobs:
|
||||
echo "$DIGEST" > "$CACHE_FILE_NAME"
|
||||
|
||||
- name: Cache image digest
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.os }}
|
||||
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.os }}-${{ github.run_id }}
|
||||
@ -427,7 +427,7 @@ jobs:
|
||||
rekor.sigstore.dev:443
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
|
||||
fetch-depth: 1
|
||||
@ -441,18 +441,18 @@ jobs:
|
||||
run: cosign version
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v3
|
||||
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
|
||||
with:
|
||||
image: tonistiigi/binfmt:latest
|
||||
platforms: all
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
|
||||
with:
|
||||
driver-opts: image=moby/buildkit:master
|
||||
|
||||
- name: Login to DockerHub
|
||||
uses: docker/login-action@v3
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
@ -474,7 +474,7 @@ jobs:
|
||||
|
||||
- name: Generate tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
with:
|
||||
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ matrix.build }}
|
||||
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
|
||||
@ -490,7 +490,7 @@ jobs:
|
||||
latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }}
|
||||
|
||||
- name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.os }}
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.os }}
|
||||
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.os }}-${{ github.run_id }}
|
||||
@ -535,7 +535,7 @@ jobs:
|
||||
|
||||
- name: Build ${{ matrix.build }}/${{ matrix.os }} and push
|
||||
id: docker_build
|
||||
uses: docker/build-push-action@v5
|
||||
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||
with:
|
||||
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}
|
||||
file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}/Dockerfile
|
||||
@ -584,7 +584,7 @@ jobs:
|
||||
echo "$DIGEST" > $CACHE_FILE_NAME
|
||||
|
||||
- name: Caching SHA256 tag of the image
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ matrix.build }}_${{ matrix.os }}
|
||||
key: ${{ matrix.build }}-${{ matrix.os }}-${{ github.run_id }}
|
||||
@ -723,7 +723,7 @@ jobs:
|
||||
rekor.sigstore.dev:443
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
|
||||
fetch-depth: 1
|
||||
@ -737,18 +737,18 @@ jobs:
|
||||
run: cosign version
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v3
|
||||
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
|
||||
with:
|
||||
image: tonistiigi/binfmt:latest
|
||||
platforms: all
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
|
||||
with:
|
||||
driver-opts: image=moby/buildkit:master
|
||||
|
||||
- name: Login to DockerHub
|
||||
uses: docker/login-action@v3
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
@ -799,7 +799,7 @@ jobs:
|
||||
|
||||
- name: Generate tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
with:
|
||||
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX}}${{ matrix.build }}
|
||||
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
|
||||
@ -815,7 +815,7 @@ jobs:
|
||||
latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }}
|
||||
|
||||
- name: Download SHA256 tag of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.os }}
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
if: ${{ matrix.build != 'snmptraps' }}
|
||||
with:
|
||||
path: ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.os }}
|
||||
@ -879,7 +879,7 @@ jobs:
|
||||
|
||||
- name: Build and push image
|
||||
id: docker_build
|
||||
uses: docker/build-push-action@v5
|
||||
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||
with:
|
||||
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}
|
||||
file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}/Dockerfile
|
||||
|
38
.github/workflows/images_build_rhel.yml
vendored
38
.github/workflows/images_build_rhel.yml
vendored
@ -53,7 +53,7 @@ jobs:
|
||||
github.com:443
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
fetch-depth: 1
|
||||
|
||||
@ -116,7 +116,7 @@ jobs:
|
||||
contents: read
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
fetch-depth: 1
|
||||
|
||||
@ -137,7 +137,7 @@ jobs:
|
||||
|
||||
- name: Generate tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
with:
|
||||
images: ${{ env.IMAGES_PREFIX }}${{ matrix.build }}
|
||||
tags: |
|
||||
@ -145,7 +145,7 @@ jobs:
|
||||
|
||||
- name: Build Zabbix Build Base
|
||||
id: build_image
|
||||
uses: redhat-actions/buildah-build@v2
|
||||
uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2.12
|
||||
with:
|
||||
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel
|
||||
layers: false
|
||||
@ -171,7 +171,7 @@ jobs:
|
||||
echo "$DIGEST" > "$CACHE_FILE_NAME"
|
||||
|
||||
- name: Cache image digest
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
|
||||
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }}
|
||||
@ -191,7 +191,7 @@ jobs:
|
||||
id-token: write
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
fetch-depth: 1
|
||||
|
||||
@ -204,14 +204,14 @@ jobs:
|
||||
|
||||
- name: Generate tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
with:
|
||||
images: ${{ env.IMAGES_PREFIX }}${{ matrix.build }}
|
||||
tags: |
|
||||
type=sha,suffix=-${{ steps.lc.outputs.arch }}
|
||||
|
||||
- name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }}
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
|
||||
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }}
|
||||
@ -236,7 +236,7 @@ jobs:
|
||||
|
||||
- name: Build Zabbix Build Base
|
||||
id: build_image
|
||||
uses: redhat-actions/buildah-build@v2
|
||||
uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2.12
|
||||
with:
|
||||
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel
|
||||
layers: false
|
||||
@ -261,7 +261,7 @@ jobs:
|
||||
echo "$DIGEST" > "$CACHE_FILE_NAME"
|
||||
|
||||
- name: Cache image digest
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ matrix.build }}_${{ matrix.arch }}
|
||||
key: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }}
|
||||
@ -281,7 +281,7 @@ jobs:
|
||||
id-token: write
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
fetch-depth: 1
|
||||
|
||||
@ -337,7 +337,7 @@ jobs:
|
||||
echo "password=$REGISTRY_PASSWORD" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Log in to Quay.io
|
||||
uses: redhat-actions/podman-login@v1.6
|
||||
uses: redhat-actions/podman-login@9184318aae1ee5034fbfbacc0388acf12669171f # v1.6
|
||||
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
|
||||
env:
|
||||
LOGIN: ${{ steps.login_credentials.outputs.username }}
|
||||
@ -357,7 +357,7 @@ jobs:
|
||||
|
||||
- name: Generate tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
with:
|
||||
images: ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ steps.image_name.outputs.image_name }}
|
||||
tags: |
|
||||
@ -368,7 +368,7 @@ jobs:
|
||||
suffix=${{ matrix.arch == 'ARM64' && '-arm64' || '' }},onlatest=true
|
||||
|
||||
- name: Download SHA256 tag of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }}
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.arch }}
|
||||
key: ${{ steps.build_base_image.outputs.build_base }}-${{ matrix.arch }}-${{ github.run_id }}
|
||||
@ -393,7 +393,7 @@ jobs:
|
||||
|
||||
- name: Build ${{ matrix.build }}
|
||||
id: build_image
|
||||
uses: redhat-actions/buildah-build@v2
|
||||
uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2.12
|
||||
with:
|
||||
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel
|
||||
layers: false
|
||||
@ -408,7 +408,7 @@ jobs:
|
||||
- name: Push to RedHat certification procedure
|
||||
id: push_to_registry
|
||||
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
|
||||
uses: redhat-actions/push-to-registry@v2
|
||||
uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2.7.1
|
||||
with:
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
|
||||
@ -448,7 +448,7 @@ jobs:
|
||||
- name: Push to RedHat certification procedure
|
||||
id: push_to_registry_all_tags
|
||||
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
|
||||
uses: redhat-actions/push-to-registry@v2
|
||||
uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2.7.1
|
||||
with:
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
|
||||
@ -479,7 +479,7 @@ jobs:
|
||||
permissions: {}
|
||||
steps:
|
||||
- name: Download SHA256 tag of ${{ matrix.build }}:${{ matrix.arch }}
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ matrix.build }}_${{ matrix.arch }}
|
||||
key: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }}
|
||||
@ -496,7 +496,7 @@ jobs:
|
||||
podman rmi -i -f "$BUILD_BASE_IMAGE"
|
||||
|
||||
- name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }}
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
|
||||
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }}
|
||||
|
28
.github/workflows/images_build_windows.yml
vendored
28
.github/workflows/images_build_windows.yml
vendored
@ -67,7 +67,7 @@ jobs:
|
||||
github.com:443
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
|
||||
fetch-depth: 1
|
||||
@ -155,7 +155,7 @@ jobs:
|
||||
component: ${{ fromJson(needs.init_build.outputs.components) }}
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
|
||||
fetch-depth: 1
|
||||
@ -169,7 +169,7 @@ jobs:
|
||||
run: cosign version
|
||||
|
||||
- name: Login to DockerHub
|
||||
uses: docker/login-action@v3
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
@ -190,7 +190,7 @@ jobs:
|
||||
|
||||
- name: Generate tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
with:
|
||||
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ env.BASE_IMAGE_NAME }}
|
||||
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
|
||||
@ -324,7 +324,7 @@ jobs:
|
||||
$Env:DIGEST | Set-Content -Path $Env:CACHE_FILE_NAME
|
||||
|
||||
- name: Cache image digest
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ env.BASE_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }}
|
||||
key: ${{ env.BASE_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }}
|
||||
@ -344,7 +344,7 @@ jobs:
|
||||
component: ${{ fromJson(needs.init_build.outputs.components) }}
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
|
||||
fetch-depth: 1
|
||||
@ -358,7 +358,7 @@ jobs:
|
||||
run: cosign version
|
||||
|
||||
- name: Login to DockerHub
|
||||
uses: docker/login-action@v3
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
@ -379,7 +379,7 @@ jobs:
|
||||
|
||||
- name: Generate tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
with:
|
||||
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ env.BASE_BUILD_IMAGE_NAME }}
|
||||
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
|
||||
@ -395,7 +395,7 @@ jobs:
|
||||
latest=false
|
||||
|
||||
- name: Download SHA256 tag of ${{ env.BASE_IMAGE_NAME }}:${{ matrix.os }}
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ env.BASE_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }}
|
||||
key: ${{ env.BASE_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }}
|
||||
@ -551,7 +551,7 @@ jobs:
|
||||
$Env:DIGEST | Set-Content -Path $Env:CACHE_FILE_NAME
|
||||
|
||||
- name: Cache image digest
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ env.BASE_BUILD_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }}
|
||||
key: ${{ env.BASE_BUILD_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }}
|
||||
@ -571,7 +571,7 @@ jobs:
|
||||
component: ${{ fromJson(needs.init_build.outputs.components) }}
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
|
||||
fetch-depth: 1
|
||||
@ -585,7 +585,7 @@ jobs:
|
||||
run: cosign version
|
||||
|
||||
- name: Login to DockerHub
|
||||
uses: docker/login-action@v3
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
@ -606,7 +606,7 @@ jobs:
|
||||
|
||||
- name: Generate tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
with:
|
||||
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ matrix.component }}
|
||||
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
|
||||
@ -622,7 +622,7 @@ jobs:
|
||||
latest=false
|
||||
|
||||
- name: Download SHA256 tag of ${{ env.BASE_BUILD_IMAGE_NAME }}:${{ matrix.os }}
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ env.BASE_BUILD_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }}
|
||||
key: ${{ env.BASE_BUILD_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }}
|
||||
|
5
.github/workflows/scorecard.yml
vendored
5
.github/workflows/scorecard.yml
vendored
@ -32,6 +32,11 @@ jobs:
|
||||
# actions: read
|
||||
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
egress-policy: audit
|
||||
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
|
||||
with:
|
||||
|
Loading…
Reference in New Issue
Block a user