
name: Rocky Create container image

# `on` reads as a boolean key under YAML 1.1 parsers; GitHub's loader treats
# it as the trigger table, so leave it unquoted.
on:
  # Pushes to main, release branches and any tag, but only when the Rocky
  # tree, octopoes or this workflow itself changed.
  push:
    branches:
      - 'main'
      - 'release-*'
    tags:
      - '*'
    paths:
      - 'octopoes/**'
      - 'rocky/**'
      - '.github/workflows/rocky_container_image.yml'
  # Same path filter for pull requests.
  pull_request:
    paths:
      - 'octopoes/**'
      - 'rocky/**'
      - '.github/workflows/rocky_container_image.yml'
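jobs:
  create_container_image:
    # Least-privilege token: read the checkout, write the image to GHCR.
    permissions:
      contents: read
      packages: write
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout code
        # NOTE(review): the only action in this job not pinned to a commit SHA;
        # pin it like the docker/* actions below so a moved `v4` tag cannot
        # change the code this job runs.
        uses: actions/checkout@v4
        with:
          # Nothing in this job pushes to git, and the build context below is
          # the whole checkout, so do not leave GITHUB_TOKEN in .git/config.
          persist-credentials: false
          # NOTE(review): presumably setuptools-scm (below) needs the tags a
          # shallow clone does not fetch; confirm whether `fetch-depth: 0` is
          # wanted here.
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
        with:
          images: |
            ghcr.io/${{ github.repository_owner }}/nl-kat-rocky
          # Tag after the branch, git tag or pull request that triggered the run.
          tags: |
            type=ref,event=branch
            type=ref,event=tag
            type=ref,event=pr
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
        id: buildx
      - name: Login to GitHub Container Registry
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          # Login runs on every trigger; whether the build actually pushes is
          # decided by the `push` input of the build step.
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate version.py
        run: |
          pip install setuptools-scm==7.1.0
          python -m setuptools_scm
          cp _version.py rocky/rocky/version.py
      - name: Build container image
        uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
        with:
          # We don't use git context because that doesn't process .dockerignore
          # https://github.com/docker/cli/issues/2827
          context: .
          file: rocky/Dockerfile
          # Push on any push event; on pull requests only when the head repo
          # belongs to the same owner as the base repo (i.e. not from a fork).
          push: ${{ github.event_name == 'push' || github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max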