Skip to content

Merge pull request #452 from puzzle/renovate/actions-checkout-digest #718

Merge pull request #452 from puzzle/renovate/actions-checkout-digest

Merge pull request #452 from puzzle/renovate/actions-checkout-digest #718

Workflow file for this run

name: Build user IDE
on:
push:
jobs:
build-ide:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Get smart tag
id: prepare
uses: Surgo/docker-smart-tag-action@v1
with:
default_branch: main
docker_image: quay.io/puzzle/amm-techlab-ide
-
name: Define image tag
run: |
if [[ "${{ steps.prepare.outputs.tag }}" == *:edge ]]; then
echo "IDE_IMAGE_TAG=quay.io/puzzle/amm-techlab-ide:latest" >> $GITHUB_ENV
else
echo "IDE_IMAGE_TAG=${{ steps.prepare.outputs.tag }}" >> $GITHUB_ENV
fi
-
name: Using image tag
run: echo ${{ env.IDE_IMAGE_TAG }}
-
name: Login to Quay.io Container Registry
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAYIO_USERNAME }}
password: ${{ secrets.QUAYIO_TOKEN }}
-
name: Build Latest Version
uses: docker/build-push-action@v5
with:
context: ./infra/user-ide
file: ./infra/user-ide/Dockerfile
push: true
tags: ${{ env.IDE_IMAGE_TAG }}
-
name: Run vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ env.IDE_IMAGE_TAG }}'
format: 'table'
output: 'trivy-results.txt'
exit-code: '0'
ignore-unfixed: true
severity: 'CRITICAL,HIGH'
-
name: Archive vulnerability scan results
uses: actions/upload-artifact@v4
with:
name: trivy-results-ide
path: trivy-results.txt