extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2025-06-01 07:36:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

Prepare universal workflow

Browse Source
This commit is contained in:
Alexey Pustovalov 2024-02-08 13:35:09 +09:00
parent b3595fe39d
commit e6c8162ecb
1 changed files with 23 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
.github/workflows/images_build.yml vendored
View File

@ -33,6 +33,8 @@ jobs:
init_build: init_build:
name: Initialize build name: Initialize build
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: read
outputs: outputs:
os: ${{ steps.os.outputs.list }} os: ${{ steps.os.outputs.list }}
database: ${{ steps.database.outputs.list }} database: ${{ steps.database.outputs.list }}
@ -40,8 +42,6 @@ jobs:
is_default_branch: ${{ steps.branch_info.outputs.is_default_branch }} is_default_branch: ${{ steps.branch_info.outputs.is_default_branch }}
current_branch: ${{ steps.branch_info.outputs.current_branch }} current_branch: ${{ steps.branch_info.outputs.current_branch }}
branch: ${{ steps.branch_info.outputs.branch }} branch: ${{ steps.branch_info.outputs.branch }}
permissions:
contents: read
steps: steps:
- name: Block egress traffic - name: Block egress traffic
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
@ -128,7 +128,23 @@ jobs:
- name: Block egress traffic - name: Block egress traffic
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with: with:
egress-policy: audit disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
auth.docker.io:443
dl-cdn.alpinelinux.org:443
github.com:443
index.docker.io:443
production.cloudflare.docker.com:443
registry-1.docker.io:443
yum.oracle.com:443
archive.ubuntu.com:80
ports.ubuntu.com:80
security.ubuntu.com:80
mirrors.centos.org:443
quay.io:443
mirror.rackspace.com:443
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
@ -176,7 +192,6 @@ jobs:
flavor: | flavor: |
latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }} latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }}
- name: Build ${{ env.BASE_BUILD_NAME }}/${{ matrix.os }} and push - name: Build ${{ env.BASE_BUILD_NAME }}/${{ matrix.os }} and push
id: docker_build id: docker_build
uses: docker/build-push-action@v5 uses: docker/build-push-action@v5
@ -223,6 +238,8 @@ jobs:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v3
@ -326,6 +343,8 @@ jobs:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v3