-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4 changed files
with
107 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
name: Push | ||
|
||
on: | ||
push: | ||
tags: | ||
- v** | ||
|
||
jobs: | ||
build: | ||
timeout-minutes: 30 | ||
permissions: | ||
packages: write | ||
contents: read | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
|
||
# <Special tagging for flux manifests | ||
- name: Prepare tag name from Release Tag | ||
if: ${{ startsWith(github.ref, 'refs/tags/v') }} | ||
run: echo "TAG=${GITHUB_REF##*/}" >> $GITHUB_ENV | ||
# Special tagging for flux manifests> | ||
|
||
- name: Set tag and image outputs (backend) | ||
id: set_tag | ||
run: | | ||
test -n "${TAG}" || TAG=temp-${GITHUB_SHA::8}-$(date +%s) | ||
IMAGE="ghcr.io/asilbek99/action-cleanup" | ||
echo ::set-output name=tagged_image::${IMAGE}:${TAG} | ||
echo ::set-output name=tag::${TAG} | ||
# Setting default tag if none of above was set & Setting full image name> | ||
- name: Set up Docker buildX | ||
id: buildx | ||
uses: docker/setup-buildx-action@master | ||
|
||
- name: Login to Container Registry | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
# WRKDR is a Github Actions workaround for WORKDIR in Dockerfiles. See Dockerfile | ||
|
||
- name: Build image | ||
id: build | ||
uses: docker/build-push-action@v2 | ||
with: | ||
context: . | ||
file: Dockerfile | ||
push: false | ||
pull: true | ||
load: true | ||
builder: ${{ steps.buildx.outputs.name }} | ||
tags: ${{ steps.set_tag.outputs.tagged_image }} | ||
|
||
|
||
- name: Scan image | ||
id: scan_backend | ||
uses: anchore/scan-action@v2 | ||
with: | ||
image: ${{ steps.set_tag.outputs.tagged_image }} | ||
grype-version: 0.15.0 | ||
severity-cutoff: critical | ||
fail-build: false | ||
acs-report-enable: true | ||
- name: Push image | ||
run: docker push ${{ steps.set_tag.outputs.tagged_image }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
FROM alpine@sha256:185518070891758909c9f839cf4ca393ee977ac378609f700f60a771a2dfe321 | ||
|
||
RUN apk update && apk add bash && rm -rf /var/cache/apk/* | ||
# Copies your code file from your action repository to the filesystem path `/` of the container | ||
COPY entrypoint.sh /entrypoint.sh | ||
|
||
RUN addgroup -g 1000 actions | ||
RUN adduser -u 1000 -G actions -h /home/actions -D actions | ||
|
||
# Code file to execute when the docker container starts up (`entrypoint.sh`) | ||
ENTRYPOINT ["/entrypoint.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
name: "Cleanup Workspace" | ||
description: "Deletes all files in the work directory." | ||
runs: | ||
using: "docker" | ||
image: "docker://ghcr.io/asilbek99/action-cleanup:v1.0" | ||
branding: | ||
icon: delete | ||
color: red |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
#!/bin/bash | ||
|
||
set -e # fail on error | ||
|
||
# include hidden files | ||
# https://askubuntu.com/questions/740805/how-can-i-remove-all-files-from-current-directory-using-terminal | ||
shopt -s dotglob | ||
echo "Cleaning up Workspace directory." | ||
rm -rf * | ||
chown -R actions:actions . | ||
|
||
# Cleanup home directory | ||
echo "Cleaning up home directory." | ||
[[ -d "$HOME" ]] && cd "$HOME" && rm -rf * && chown -R actions:actions . | ||
|
||
# Cleanup event json | ||
echo "Cleaning up event.json." | ||
[[ -f "$GITHUB_EVENT_PATH" ]] && rm $GITHUB_EVENT_PATH | ||
|
||
echo "Post job cleanup complete." |