security: fix CVE-2023-48795 #130
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: docker-nightly | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- '*.*.*' | |
pull_request: | |
jobs: | |
docker: | |
name: Docker | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: "1.19.x" | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Get Build Data | |
id: info | |
run: | | |
echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') | |
export TEMP=$(cd auth_server && go run gen_version.go) | |
echo ::set-output name=version::$(echo -n $TEMP | awk '{print $1}') | |
echo ::set-output name=build_id::$(echo -n $TEMP | awk '{print $2}') | |
- name: Docker meta | |
id: docker_meta | |
uses: crazy-max/ghaction-docker-meta@v1 | |
with: | |
images: cesanta/docker_auth | |
tag-edge: true | |
tag-semver: | | |
{{version}} | |
{{major}} | |
{{major}}.{{minor}} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
with: | |
platforms: all | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
install: true | |
version: latest | |
# TODO: Remove driver-opts once fix is released docker/buildx#386 | |
driver-opts: image=moby/buildkit:master | |
- name: Login to DockerHub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
if: github.event_name == 'push' | |
- name: Build and Push | |
uses: docker/build-push-action@v2 | |
with: | |
context: auth_server | |
file: auth_server/Dockerfile | |
platforms: linux/amd64,linux/arm64,linux/arm/v7 | |
push: ${{ github.event_name == 'push' }} | |
tags: ${{ steps.docker_meta.outputs.tags }} | |
build-args: | | |
VERSION=${{ steps.info.outputs.version }} | |
BUILD_ID=${{ steps.info.outputs.build_id }} | |
labels: | | |
org.opencontainers.image.title=${{ github.event.repository.name }} | |
org.opencontainers.image.description=${{ github.event.repository.description }} | |
org.opencontainers.image.url=${{ github.event.repository.html_url }} | |
org.opencontainers.image.source=${{ github.event.repository.clone_url }} | |
org.opencontainers.image.version=${{ steps.imagetag.outputs.value }} | |
org.opencontainers.image.created=${{ steps.info.outputs.created }} | |
org.opencontainers.image.revision=${{ github.sha }} | |
org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }} |