diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..f1f691a
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,68 @@
+name: Push
+
+on:
+ push:
+ tags:
+ - v**
+
+jobs:
+ build:
+ timeout-minutes: 30
+ permissions:
+ packages: write
+ contents: read
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+
+ # > $GITHUB_ENV
+ # Special tagging for flux manifests>
+
+ - name: Set tag and image outputs (backend)
+ id: set_tag
+ run: |
+ test -n "${TAG}" || TAG=temp-${GITHUB_SHA::8}-$(date +%s)
+ IMAGE="ghcr.io/asilbek99/action-cleanup"
+ echo ::set-output name=tagged_image::${IMAGE}:${TAG}
+ echo ::set-output name=tag::${TAG}
+ # Setting default tag if none of above was set & Setting full image name>
+ - name: Set up Docker buildX
+ id: buildx
+ uses: docker/setup-buildx-action@master
+
+ - name: Login to Container Registry
+ uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ # WRKDR is a Github Actions workaround for WORKDIR in Dockerfiles. See Dockerfile
+
+ - name: Build image
+ id: build
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: Dockerfile
+ push: false
+ pull: true
+ load: true
+ builder: ${{ steps.buildx.outputs.name }}
+ tags: ${{ steps.set_tag.outputs.tagged_image }}
+
+
+ - name: Scan image
+ id: scan_backend
+ uses: anchore/scan-action@v2
+ with:
+ image: ${{ steps.set_tag.outputs.tagged_image }}
+ grype-version: 0.15.0
+ severity-cutoff: critical
+ fail-build: false
+ acs-report-enable: true
+ - name: Push image
+ run: docker push ${{ steps.set_tag.outputs.tagged_image }}
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..76138fe
--- /dev/null
+++ b/Dockerfile
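Review bot: `uses: docker/setup-buildx-action@master` in the build job follows a moving branch, so whatever lands on that branch runs in a job that holds `packages: write` and logs in to ghcr.io with `GITHUB_TOKEN`. Pin it to a reviewed commit, `uses: docker/setup-buildx-action@<full-commit-sha>` (placeholder), and preferably do the same for the `@v1`/`@v2`/`@v3` tags on the other steps. The scan step sets `fail-build: false` and the `docker push` that follows is unconditional, so a finding at the `critical` cutoff is reported but the image is still published; `fail-build: true` would turn the scan into a gate. The `::set-output` commands are deprecated; the equivalent is `echo "tag=${TAG}" >> "$GITHUB_OUTPUT"`.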
@@ -0,0 +1,11 @@
+FROM alpine@sha256:185518070891758909c9f839cf4ca393ee977ac378609f700f60a771a2dfe321
+
+RUN apk update && apk add bash && rm -rf /var/cache/apk/*
+# Copies your code file from your action repository to the filesystem path `/` of the container
+COPY entrypoint.sh /entrypoint.sh
+
+RUN addgroup -g 1000 actions
+RUN adduser -u 1000 -G actions -h /home/actions -D actions
+
+# Code file to execute when the docker container starts up (`entrypoint.sh`)
+ENTRYPOINT ["/entrypoint.sh"]
\ No newline at end of file
diff --git a/action.yml b/action.yml
new file mode 100644
index 0000000..7a4959f
--- /dev/null
+++ b/action.yml
@@ -0,0 +1,8 @@
+name: "Cleanup Workspace"
+description: "Deletes all files in the work directory."
+runs:
+ using: "docker"
+ image: "docker://ghcr.io/asilbek99/action-cleanup:v1.0"
+branding:
+ icon: delete
+ color: red
\ No newline at end of file
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..ad44ffb
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -e # fail on error
+
+# include hidden files
+# https://askubuntu.com/questions/740805/how-can-i-remove-all-files-from-current-directory-using-terminal
+shopt -s dotglob
+echo "Cleaning up Workspace directory."
+rm -rf *
+chown -R actions:actions .
+
+# Cleanup home directory
+echo "Cleaning up home directory."
+[[ -d "$HOME" ]] && cd "$HOME" && rm -rf * && chown -R actions:actions .
+
+# Cleanup event json
+echo "Cleaning up event.json."
+[[ -f "$GITHUB_EVENT_PATH" ]] && rm $GITHUB_EVENT_PATH
+
+echo "Post job cleanup complete."
\ No newline at end of file
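Review bot: `COPY entrypoint.sh /entrypoint.sh` keeps the source file's mode, and this same patch adds entrypoint.sh as `new file mode 100644`, so `/entrypoint.sh` would not be executable and the exec-form `ENTRYPOINT ["/entrypoint.sh"]` is likely to fail with a permission error at container start. Set the bit in the image rather than relying on the repository mode, either with `COPY --chmod=0755 entrypoint.sh /entrypoint.sh` (needs BuildKit, which the workflow's buildx step provides) or with `RUN chmod +x /entrypoint.sh` after the copy. The `actions` user is created but no `USER` line follows, so the container runs as root. That looks intentional given the `chown -R` in the entrypoint, and a comment such as `# runs as root on purpose: entrypoint must remove and chown root-owned files` would record it.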
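Review bot: `image: "docker://ghcr.io/asilbek99/action-cleanup:v1.0"` resolves a mutable registry tag every time the action runs, so consumers execute whatever image `v1.0` points to at that moment, with their workspace mounted, even though the Dockerfile pins its own base by digest. Referencing the published image by digest, `image: "docker://ghcr.io/asilbek99/action-cleanup@sha256:<image-digest>"` (placeholder), keeps the action tied to the build that was reviewed. The `description` mentions only the work directory, while entrypoint.sh in this patch also empties `$HOME` and removes the event file; the text should say so, since users decide from it whether the action is safe to add to a job.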