From a48447a6b2e6acf421e8634ac76814fa8d01c0f3 Mon Sep 17 00:00:00 2001
From: Claire
Date: Thu, 1 Feb 2024 10:33:12 +0100
Subject: [PATCH 1/3] Add github action workflow for manual security builds (#29040)
---
 .github/workflows/build-security.yml | 62 ++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 .github/workflows/build-security.yml

diff --git a/.github/workflows/build-security.yml b/.github/workflows/build-security.yml
new file mode 100644
index 00000000000000..cc9bae922781a4
--- /dev/null
+++ b/.github/workflows/build-security.yml
@@ -0,0 +1,62 @@
+name: Build security nightly container image
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  compute-suffix:
+    runs-on: ubuntu-latest
+    if: github.repository == 'mastodon/mastodon'
+    steps:
+      - id: version_vars
+        env:
+          TZ: Etc/UTC
+        run: |
+          echo mastodon_version_prerelease=nightly.$(date --date='next day' +'%Y-%m-%d')-security>> $GITHUB_OUTPUT
+    outputs:
+      prerelease: ${{ steps.version_vars.outputs.mastodon_version_prerelease }}
+
+  build-image:
+    needs: compute-suffix
+    uses: ./.github/workflows/build-container-image.yml
+    with:
+      file_to_build: Dockerfile
+      platforms: linux/amd64,linux/arm64
+      use_native_arm64_builder: true
+      cache: false
+      push_to_images: |
+        tootsuite/mastodon
+        ghcr.io/mastodon/mastodon
+      version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }}
+      labels: |
+        org.opencontainers.image.description=Nightly build image used for testing purposes
+      flavor: |
+        latest=auto
+      tags: |
+        type=raw,value=edge
+        type=raw,value=nightly
+        type=schedule,pattern=${{ needs.compute-suffix.outputs.prerelease }}
+    secrets: inherit
+
+  build-image-streaming:
+    needs: compute-suffix
+    uses: ./.github/workflows/build-container-image.yml
+    with:
+      file_to_build: streaming/Dockerfile
+      platforms: linux/amd64,linux/arm64
+      use_native_arm64_builder: true
+      cache: false
+      push_to_images: |
+        tootsuite/mastodon-streaming
+        ghcr.io/mastodon/mastodon-streaming
+      version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }}
+      labels: |
+        org.opencontainers.image.description=Nightly build image used for testing purposes
+      flavor: |
+        latest=auto
+      tags: |
+        type=raw,value=edge
+        type=raw,value=nightly
+        type=schedule,pattern=${{ needs.compute-suffix.outputs.prerelease }}
+    secrets: inherit

From 85bdd145dc9aee5ae003126c9fd4e490215f7a9a Mon Sep 17 00:00:00 2001
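Review bot: The per-build tag line `type=schedule,pattern=${{ needs.compute-suffix.outputs.prerelease }}` in both `tags:` blocks is unlikely to ever be emitted for a manual security build: docker/metadata-action evaluates `type=schedule` entries only on `schedule` events, so the image would be reachable solely through the floating `edge` and `nightly` tags, which the next regular nightly build replaces. If the reusable build-container-image workflow (not in this patch) hands `tags` to docker/metadata-action unchanged, `type=raw,value=${{ needs.compute-suffix.outputs.prerelease }}` would give every security build a stable, auditable tag. The OCI label `org.opencontainers.image.description=Nightly build image used for testing purposes` is also misleading on a security build; something like `org.opencontainers.image.description=Security build based on the nightly image` would describe what is actually published. Both points apply to the build-image and build-image-streaming jobs.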
From: Claire
Date: Thu, 1 Feb 2024 10:40:04 +0100
Subject: [PATCH 2/3] Adapt workflow to glitch-soc
---
 .github/workflows/build-security.yml | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/build-security.yml b/.github/workflows/build-security.yml
index cc9bae922781a4..fbc85f52eb8b06 100644
--- a/.github/workflows/build-security.yml
+++ b/.github/workflows/build-security.yml
@@ -7,7 +7,6 @@ permissions:
 jobs:
   compute-suffix:
     runs-on: ubuntu-latest
-    if: github.repository == 'mastodon/mastodon'
     steps:
       - id: version_vars
         env:
@@ -26,8 +25,7 @@ jobs:
       use_native_arm64_builder: true
       cache: false
       push_to_images: |
-        tootsuite/mastodon
-        ghcr.io/mastodon/mastodon
+        ghcr.io/${{ github.repository_owner }}/mastodon
       version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }}
       labels: |
         org.opencontainers.image.description=Nightly build image used for testing purposes
@@ -45,11 +43,10 @@ jobs:
     with:
       file_to_build: streaming/Dockerfile
       platforms: linux/amd64,linux/arm64
-      use_native_arm64_builder: true
+      use_native_arm64_builder: false
       cache: false
       push_to_images: |
-        tootsuite/mastodon-streaming
-        ghcr.io/mastodon/mastodon-streaming
+        ghcr.io/${{ github.repository_owner }}/mastodon
       version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }}
       labels: |
         org.opencontainers.image.description=Nightly build image used for testing purposes

From 883f5896534a74399740766848323e7d59d5464c Mon Sep 17 00:00:00 2001
From: Claire
Date: Thu, 1 Feb 2024 10:52:01 +0100
Subject: [PATCH 3/3] Fix missing `workflow_dispatch` trigger for `build-security` (#29041)
---
 .github/workflows/build-security.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/build-security.yml b/.github/workflows/build-security.yml
index fbc85f52eb8b06..00944daeb33363 100644
--- a/.github/workflows/build-security.yml
+++ b/.github/workflows/build-security.yml
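Review bot: In the third hunk of the "Adapt workflow to glitch-soc" patch, the streaming job's `push_to_images` becomes `ghcr.io/${{ github.repository_owner }}/mastodon`, which is the same repository the build-image job pushes to under the identical `edge` and `nightly` tags, so the two jobs race and whichever finishes last silently replaces the other's image; anyone pulling `mastodon:nightly` could end up running the streaming-server image. The line should read `ghcr.io/${{ github.repository_owner }}/mastodon-streaming`, mirroring the removed upstream name. The enclosing `with:` block continues past the end of the hunk.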
@@ -1,4 +1,6 @@
 name: Build security nightly container image
+on:
+  workflow_dispatch:
 permissions:
   contents: read
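Review bot: The new `workflow_dispatch:` trigger has no inputs and no comment saying when a maintainer is expected to run it, which matters for a workflow that republishes images under the floating `edge` and `nightly` tags set further down the file, outside this hunk. A comment above `on:` such as `# Dispatched by hand to publish an out-of-band security image; the compute-suffix job tags it nightly.<next day>-security` would record that intent next to the trigger. Note also that a YAML 1.1 parser reads the key `on` as the boolean `true`; GitHub's loader handles it, but yamllint's `truthy` rule needs to be disabled for this line.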