build(deps): Bump actions/checkout from 3 to 4 #31

Workflow file for this run

.github/workflows/artifacts.yaml at 74641d9

	name: Artifacts

	on:
	push:
	branches:
	- main
	pull_request:

	jobs:
	container-images:
	name: Container images
	runs-on: ubuntu-latest
	strategy:
	matrix:
	curiefense:
	- "1.5"
	emissary:
	- "3.2"
	- "3.3"
	- "3.4"
	- "3.5"
	- "3.6"

	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Detect image versions used
	id: versions
	run: \|
	echo curiefense=$(grep "FROM curiefense/curieproxy-envoy" ${{ matrix.curiefense }}/${{ matrix.emissary }}/Dockerfile \| cut -c 35- \| cut -d ' ' -f 1) >> $GITHUB_OUTPUT
	echo emissary=$(grep "FROM docker.io/emissaryingress/emissary" ${{ matrix.curiefense }}/${{ matrix.emissary }}/Dockerfile \| cut -c 41-) >> $GITHUB_OUTPUT

	- name: Gather metadata
	id: meta
	uses: docker/metadata-action@v4
	with:
	images: \|
	ghcr.io/${{ github.repository_owner }}/emissary
	flavor: \|
	latest = false
	tags: \|
	type=raw,value=${{ steps.versions.outputs.emissary }}-curiefense${{ steps.versions.outputs.curiefense }}-build.${{ github.run_number }}
	type=raw,value=${{ steps.versions.outputs.emissary }}-curiefense${{ steps.versions.outputs.curiefense }}
	type=raw,value=${{ matrix.emissary }}-curiefense${{ matrix.curiefense }}-build.${{ github.run_number }}
	type=raw,value=${{ matrix.emissary }}-curiefense${{ matrix.curiefense }}
	labels: \|
	org.opencontainers.image.documentation=https://docs.curiefense.io/

	# - name: Set up QEMU
	# uses: docker/setup-qemu-action@v2
	# with:
	# platforms: all

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v2
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ github.token }}
	if: github.event_name == 'push'

	- name: Build and push
	uses: docker/build-push-action@v4
	with:
	context: ${{ matrix.curiefense }}/${{ matrix.emissary }}
	# platforms: linux/amd64,linux/arm/v7,linux/arm64
	cache-from: type=gha
	cache-to: type=gha,mode=max
	push: ${{ github.event_name == 'push' }}
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@0.11.0
	with:
	image-ref: "ghcr.io/${{ github.repository_owner }}/emissary:${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}"
	format: "sarif"
	output: "trivy-results.sarif"
	if: github.event_name == 'push'

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: "trivy-results.sarif"
	if: github.event_name == 'push'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): Bump actions/checkout from 3 to 4 #31

Workflow file

build(deps): Bump actions/checkout from 3 to 4 #31

Jobs

Run details

Workflow file for this run