IT-3421 fix typo' (#4) #17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Run precommit and conditionally build container | |
on: | |
push: | |
branches: | |
- '*' | |
tags: | |
- 'v[0-9]+\.[0-9]+\.[0-9]+' | |
pull_request: | |
branches: | |
- '*' | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_PATH: ghcr.io/${{ github.repository }} | |
TARFILE_NAME: image.tar | |
jobs: | |
tests: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Static Analysis | |
uses: pre-commit/[email protected] | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/[email protected] | |
with: | |
images: ${{ env.IMAGE_PATH }} | |
tags: | | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} # major.minor.patch | |
type=semver,pattern={{major}}.{{minor}} | |
- name: Check that build works, save for scanning, but don't push yet | |
uses: docker/[email protected] | |
with: | |
context: . | |
push: false | |
outputs: type=tar,dest=${{ env.TARFILE_NAME }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Upload tarball for use by Trivy job | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.TARFILE_NAME }} | |
path: ${{ env.TARFILE_NAME }} | |
outputs: | |
meta_json: ${{ steps.meta.outputs.json }} | |
tarfile_artifact: ${{ env.TARFILE_NAME }} | |
trivy-scan: | |
needs: tests | |
uses: "./.github/workflows/trivy.yml" | |
with: | |
SOURCE_TYPE: tar | |
IMAGE_NAME: image-name | |
TARFILE_NAME: ${{ needs.tests.outputs.tarfile_artifact }} | |
EXIT_CODE: 1 | |
push-image: | |
if: ${{ github.event_name == 'push' }} | |
needs: [tests, trivy-scan] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
strategy: | |
matrix: | |
value: ${{ fromJSON(needs.tests.outputs.meta_json).tags }} | |
steps: | |
- name: Download tar file | |
id: tar-download | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ env.TARFILE_NAME }} | |
path: /tmp | |
- name: Load Docker image from tar | |
run: cat | |
${{ steps.tar-download.outputs.download-path}}/${{ env.TARFILE_NAME}} | |
| docker import - ${{ matrix.value }} | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Push Docker image | |
run: docker push ${{ matrix.value }} | |
... |