feat: download dhparam from mozilla instead of storing it in project #4
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
on: # yamllint disable-line rule:truthy | |
pull_request: | |
paths-ignore: | |
- '**.md' | |
env: | |
DOCKER_NAMESPACE: wayofdev/nginx | |
GHCR_NAMESPACE: ghcr.io/wayofdev/docker-nginx | |
name: 🧪 Test Docker images | |
concurrency: | |
group: "${{ github.workflow }}-${{ github.ref }}" | |
cancel-in-progress: true | |
jobs: | |
test: | |
strategy: | |
fail-fast: false | |
matrix: | |
os_name: ["alpine"] | |
nginx_type: ["dev", "k8s"] | |
builder: [{arch: "amd64", os: "ubuntu-latest"}] | |
runs-on: ${{ matrix.builder.os }} | |
steps: | |
- name: 🌎 Set environment variables | |
run: | | |
tag="${{ matrix.nginx_type }}-${{ matrix.os_name }}-${{ matrix.builder.arch }}" | |
target="nginx-${{ matrix.nginx_type }}-${{ matrix.os_name }}" | |
echo "TARGET=${target}" >> "$GITHUB_ENV" | |
echo "PLATFORM_CACHE_TAG=${tag}" >> "$GITHUB_ENV" | |
- name: 📦 Check out the codebase | |
uses: actions/[email protected] | |
- name: 🛠️ Install goss and dgoss | |
uses: e1himself/[email protected] | |
with: | |
version: v0.4.6 | |
- name: 🤖 Generate dist files | |
run: ansible-playbook src/playbook.yml -l ${{ matrix.nginx_type }}-${{ matrix.os_name }} | |
- name: 🖥️ Setup docker QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: 🛠️ Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
buildkitd-flags: "--debug" | |
- name: 🔑 Login to docker-hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_TOKEN }} | |
- name: 🔑 Login to GHCR | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: 🐳 Extract docker meta data | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
${{ env.DOCKER_NAMESPACE }} | |
${{ env.GHCR_NAMESPACE }} | |
tags: | | |
type=raw,event=branch,value=latest | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
flavor: | | |
latest=false | |
prefix=${{ matrix.nginx_type }}-${{ matrix.os_name }}- | |
- name: 🧪 Bake image for testing | |
id: bake | |
uses: docker/[email protected] | |
with: | |
targets: ${{ env.TARGET }} | |
files: | | |
./docker-bake.hcl | |
${{ steps.meta.outputs.bake-file }} | |
push: false | |
set: | | |
*.tags= | |
*.platform=linux/${{ matrix.builder.arch }} | |
*.cache-from=type=gha,scope=build-${{ env.PLATFORM_CACHE_TAG }} | |
*.cache-to=type=gha,scope=build-${{ env.PLATFORM_CACHE_TAG }} | |
*.output=type=docker,"name=${{ env.DOCKER_NAMESPACE }},${{ env.GHCR_NAMESPACE }}",name-canonical=true | |
- name: 🧪 Test Docker image | |
run: | | |
export IMAGE_TEMPLATE=${{ matrix.nginx_type }}-${{ matrix.os_name }} | |
export IMAGE_TAG=${{ env.DOCKER_NAMESPACE }}:latest | |
make test | |
- name: 🔍 Run Docker Scout | |
id: docker-scout | |
uses: docker/scout-action@v1 | |
with: | |
command: cves,recommendations | |
ignore-unchanged: true | |
only-fixed: true | |
only-severities: critical,high | |
keep-previous-comments: true | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
dockerhub-user: ${{ secrets.DOCKER_USERNAME }} | |
dockerhub-password: ${{ secrets.DOCKER_TOKEN }} | |
... |