chore(build): add support to push to multiple registries (#11)
- add support to push images to multiple registries
- use ubuntu-latest in the workflow
- use docker build-push action instead of scripts
- update alpine version to 3.12.4 to mitigate some vulnerabilities marked as HIGH severity


Signed-off-by: Akhil Mohan <[email protected]>
akhilerm authored Mar 5, 2021
1 parent a5b5a02 commit 0783d48
Showing 4 changed files with 110 additions and 19 deletions.
58 changes: 51 additions & 7 deletions .github/workflows/build.yml
Expand Up @@ -22,15 +22,42 @@ jobs:
- name: Checkout
uses: actions/checkout@v2

- name: Set tag
- name: Set Image Org
# sets the default IMAGE_ORG to openebs
run: |
[ -z "${{ secrets.IMAGE_ORG }}" ] && IMAGE_ORG=openebs || IMAGE_ORG=${{ secrets.IMAGE_ORG}}
echo "IMAGE_ORG=${IMAGE_ORG}" >> $GITHUB_ENV
- name: Set CI Tag
run: |
BRANCH="${GITHUB_REF##*/}"
CI_TAG=${BRANCH#v}-ci
if [ ${BRANCH} = "master" ]; then
CI_TAG="ci"
fi
echo "TAG=${CI_TAG}" >> $GITHUB_ENV
echo "BRANCH=${BRANCH}" >> $GITHUB_ENV
- name: Set Build Date
id: date
run: |
echo "::set-output name=DATE::$(date -u +'%Y-%m-%dT%H:%M:%S%Z')"
- name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
# add each registry to which the image needs to be pushed here
images: |
${{ env.IMAGE_ORG }}/linux-utils
quay.io/${{ env.IMAGE_ORG }}/linux-utils
tag-latest: false
tag-custom-only: true
tag-custom: |
${{ env.TAG }}
- name: Print Tags
run: |
echo "${{ steps.docker_meta.outputs.tags }}"
- name: Setup QEMU
uses: docker/setup-qemu-action@v1
Expand All @@ -49,13 +76,28 @@ jobs:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Login to Quay
uses: docker/login-action@v1
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_TOKEN }}

- name: Build & Push Image
run: |
make buildx.image
make buildx.push
uses: docker/build-push-action@v2
with:
file: ./Dockerfile
push: true
platforms: linux/amd64, linux/arm64, linux/arm/v7, linux/ppc64le
tags: |
${{ steps.docker_meta.outputs.tags }}
build-args: |
DBUILD_DATE=${{ steps.date.outputs.DATE }}
DBUILD_REPO_URL=https://github.com/openebs/linux-utils
DBUILD_SITE_URL=https://openebs.io
trivy:
runs-on: ubuntu-18.04
runs-on: ubuntu-latest
needs: ['linux-utils']
steps:
- name: Checkout code
Expand All @@ -64,7 +106,9 @@ jobs:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: openebs/linux-utils:${{ env.TAG }}
# the tag will be always ci since only master branch is present
# in this repository
image-ref: 'openebs/linux-utils:ci'
format: 'table'
exit-code: '1'
ignore-unfixed: true
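Review bot: The Trivy step's `image-ref: 'openebs/linux-utils:ci'` is hard-coded, while the build job above pushes to `${{ env.IMAGE_ORG }}/linux-utils` with the tag computed in `Set CI Tag`, so when the `IMAGE_ORG` secret is set (or a non-master branch ever triggers this workflow) the scan checks an image this run did not build. Values written to `$GITHUB_ENV` do not carry over to another job, so the trivy job has to derive them itself; repeating the `Set Image Org` and `Set CI Tag` steps there, as release.yml's trivy job does with `Set Release Tag`, and using `image-ref: '${{ env.IMAGE_ORG }}/linux-utils:${{ env.TAG }}'` ties the scan to the pushed image. The scan also runs only after `push: true`, so a failing result does not stop publication; if that is intended, a comment next to `needs: ['linux-utils']` should say so. The trivy job continues past the end of the visible hunk.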
11 changes: 8 additions & 3 deletions .github/workflows/pull_request.yml
Expand Up @@ -40,9 +40,14 @@ jobs:
version: v0.5.1

- name: Build Image
env:
IMG_RESULT: load
run: make buildx.image
uses: docker/build-push-action@v2
with:
file: ./Dockerfile
push: false
load: true
platforms: linux/amd64
tags: |
openebs/linux-utils:ci
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
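Review bot: `uses: docker/build-push-action@v2` is referenced by a mutable tag, and the same holds for the `crazy-max/ghaction-docker-meta@v1`, `docker/login-action@v1` and `docker/build-push-action@v2` steps this commit adds to build.yml and release.yml, where `DOCKERHUB_TOKEN` and `QUAY_TOKEN` are in scope. A tag can be repointed by whoever controls the action's repository, so the jobs holding registry credentials would run code nobody here reviewed. Pin each action to a full commit SHA and keep the version as a comment, e.g. `uses: docker/build-push-action@<full-commit-sha>  # v2`, and let a dependency-update bot propose the bumps. The existing `aquasecurity/trivy-action@master` line is not changed by this commit but has the same exposure.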
58 changes: 50 additions & 8 deletions .github/workflows/release.yml
Expand Up @@ -25,12 +25,39 @@ jobs:
- name: Checkout
uses: actions/checkout@v1

- name: Set Tag
- name: Set Image Org
# sets the default IMAGE_ORG to openebs
run: |
[ -z "${{ secrets.IMAGE_ORG }}" ] && IMAGE_ORG=openebs || IMAGE_ORG=${{ secrets.IMAGE_ORG}}
echo "IMAGE_ORG=${IMAGE_ORG}" >> $GITHUB_ENV
- name: Set Release Tag
run: |
TAG="${GITHUB_REF#refs/*/v}"
echo "TAG=${TAG}" >> $GITHUB_ENV
echo "RELEASE_TAG=${TAG}" >> $GITHUB_ENV
- name: Set Build Date
id: date
run: |
echo "::set-output name=DATE::$(date -u +'%Y-%m-%dT%H:%M:%S%Z')"
- name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
# add each registry to which the image needs to be pushed here
images: |
${{ env.IMAGE_ORG }}/linux-utils
quay.io/${{ env.IMAGE_ORG }}/linux-utils
tag-latest: true
tag-semver: |
{{version}}
- name: Print Tags
run: |
echo "${{ steps.docker_meta.outputs.tags }}"
echo "RELEASE TAG: ${RELEASE_TAG}"
- name: Setup QEMU
uses: docker/setup-qemu-action@v1
with:
Expand All @@ -48,22 +75,37 @@ jobs:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Login to Quay
uses: docker/login-action@v1
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_TOKEN }}

- name: Build & Push Image
run: |
make buildx.image
make buildx.push
uses: docker/build-push-action@v2
with:
file: ./Dockerfile
push: true
platforms: linux/amd64, linux/arm64, linux/arm/v7, linux/ppc64le
tags: |
${{ steps.docker_meta.outputs.tags }}
build-args: |
DBUILD_DATE=${{ steps.date.outputs.DATE }}
DBUILD_REPO_URL=https://github.com/openebs/linux-utils
DBUILD_SITE_URL=https://openebs.io
RELEASE_TAG=${RELEASE_TAG}
trivy:
runs-on: ubuntu-18.04
runs-on: ubuntu-latest
needs: ['linux-utils']
steps:
- name: Checkout code
uses: actions/checkout@v2

- name: Set Tag
- name: Set Release Tag
run: |
TAG="${GITHUB_REF#refs/*/v}"
echo "TAG=${TAG}" >> $GITHUB_ENV
echo "RELEASE_TAG=${TAG}" >> $GITHUB_ENV
- name: Run Trivy vulnerability scanner
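Review bot: `RELEASE_TAG=${RELEASE_TAG}` under `build-args` in the `Build & Push Image` step is an action input, not a shell script, so nothing expands `${RELEASE_TAG}` and the build most likely receives that literal string instead of the release version. Use the workflow expression instead: `RELEASE_TAG=${{ env.RELEASE_TAG }}`. The `echo "RELEASE TAG: ${RELEASE_TAG}"` in `Print Tags` is fine because it runs in a shell. Whether the Dockerfile consumes `RELEASE_TAG` is not visible on this page, so confirm what ends up in the published image.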
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,4 +1,4 @@
FROM alpine:3.12.0
FROM alpine:3.12.4
RUN apk add --no-cache util-linux

ARG DBUILD_DATE
