zabbix-docker/.github/workflows/dockerhub_description.yml
Alexey Pustovalov 043d7ac2cc Merge pull request #1483 from zabbix/dependabot/github_actions/step-security/harden-runner-2.9.1
Bump step-security/harden-runner from 2.8.1 to 2.9.1
2024-08-14 18:52:09 +09:00

71 lines
1.9 KiB
YAML

name: DockerHub Description
on:
push:
branches:
- 'trunk'
paths:
- 'Dockerfiles/*/README.md'
- '.github/workflows/dockerhub_description.yml'
workflow_dispatch:
env:
DOCKER_REPOSITORY: "zabbix"
IMAGES_PREFIX: "zabbix-"
DOCKERFILES_DIRECTORY: "./Dockerfiles"
permissions:
contents: read
jobs:
main:
name: Update description
runs-on: ubuntu-latest
env:
DOCKER_REPOSITORY: "zabbix"
permissions:
contents: read
strategy:
fail-fast: false
matrix:
component:
- build-base
- build-mysql
- build-pgsql
- build-sqlite3
- agent
- agent2
- java-gateway
- proxy-mysql
- proxy-sqlite3
- server-mysql
- server-pgsql
- snmptraps
- web-apache-mysql
- web-apache-pgsql
- web-nginx-mysql
- web-nginx-pgsql
- web-service
steps:
- name: Block egress traffic
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
github.com:443
hub.docker.com:443
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 1
- name: Update DockerHub repo description (zabbix-${{ matrix.component }})
uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
repository: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ matrix.component }}
readme-filepath: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.component }}/README.md