Skip to content
CI/CD Pipeline

chore(deps): bump docker/build-push-action from 5 to 6 #16

Sign in to view logs

chore(deps): bump docker/build-push-action from 5 to 6

chore(deps): bump docker/build-push-action from 5 to 6 #16

Workflow file for this run

.github/workflows/docker-multiarch-build.yml at fa077bf
name: CI/CD Pipeline
on:
schedule:
- cron: '0 1 * * *' # Daily security scans
push:
tags: "[1-9]+.[0-9]+.[0-9]+"
branches: [ "main" ]
pull_request:
branches: [ "main" ]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
security-scan:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '.'
format: 'sarif'
output: 'trivy-results.sarif'
ignore-unfixed: true
severity: 'CRITICAL,HIGH'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: 'trivy-results.sarif'
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Run hadolint
uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
- name: Run shellcheck
uses: ludeeus/action-shellcheck@master
with:
scandir: './scripts'
build-and-push:
needs: [security-scan, lint]
runs-on: ubuntu-latest
permissions:
packages: write
contents: write
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
docker.io/${{ env.IMAGE_NAME }}
tags: |
type=semver,pattern={{version}}
type=sha,format=long
type=ref,event=branch
type=ref,event=pr
- name: Login to GitHub Container Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Docker Hub
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Generate changelog
if: github.event_name != 'pull_request'
uses: orhun/git-cliff-action@v3
with:
config: cliff.toml
args: --verbose
env:
OUTPUT: CHANGELOG.md
GITHUB_REPO: ${{ github.repository }}
- uses: stefanzweifel/git-auto-commit-action@v5
if: github.event_name != 'pull_request'
with:
commit_message: Update changelog
branch: cliff-changelog-${{ steps.meta.outputs.VERSION }}
create_branch: true
notify:
needs: build-and-push
runs-on: ubuntu-latest
if: always()
steps:
- name: Notify status
uses: actions/github-script@v7
with:
script: |
const { repo, owner } = context.repo;
const run_id = context.runId;
const run_url = `https://github.com/${owner}/${repo}/actions/runs/${run_id}`;
const status = '${{ needs.build-and-push.result }}' === 'success' ? '✅' : '❌';
if (context.issue.number) {
await github.rest.issues.createComment({
owner,
repo,
issue_number: context.issue.number,
body: `Build status: ${status}\nDetails: ${run_url}`
});
}