Build Zerotier Dev - Debian version #152
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Zerotier Dev - Debian version | |
| on: | |
| push: | |
| paths: | |
| - .github/workflows/build-dev-debian.yml | |
| - Dockerfile.debian | |
| branches: | |
| - main | |
| schedule: | |
| - cron: '0 0 * * *' | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| name: Build and push to registry | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Clone the repository | |
| uses: actions/checkout@v3 | |
| - name: Environment Vars setup | |
| run: | | |
| echo "zt_dev_sha=$(git ls-remote https://github.com/zerotier/ZeroTierOne.git --head refs/heads/dev | awk '{print $1}')" >> "$GITHUB_ENV" | |
| - name: Tar as root | |
| run: | | |
| sudo mv -fv /usr/bin/tar /usr/bin/tar.orig | |
| echo -e '#!/bin/sh\n\nsudo /usr/bin/tar.orig "$@"' | sudo tee -a /usr/bin/tar | |
| sudo chmod +x /usr/bin/tar | |
| - name: Enable caching for podman | |
| id: cache-podman-restore | |
| uses: actions/cache/restore@v3 | |
| with: | |
| path: | | |
| ~/.local/share/containers | |
| key: ${{ runner.os }}-${{ runner.arch }}-zerotier-docker-debian-dev | |
| - name: Podman Socket | |
| run: | | |
| podman system service --time=0 unix:///tmp/podman.sock & | |
| - name: Fetch trivy | |
| run: | | |
| podman pull docker.io/aquasec/trivy:latest | |
| - name: Log in to Quay | |
| uses: redhat-actions/podman-login@v1 | |
| with: | |
| registry: "quay.io" | |
| username: ${{ secrets.ZENITH_QUAY_USER }} | |
| password: ${{ secrets.ZENITH_QUAY_TOKEN }} | |
| - name: Build container - origin branch dev | |
| id: build-dev-debian | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| image: zerotier-docker | |
| tags: dev-debian | |
| layers: true | |
| containerfiles: | | |
| ./Dockerfile.debian | |
| build-args: | | |
| zt_version=dev | |
| - name: Build container - origin branch dev - sha commit | |
| id: build-sha-debian | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| image: zerotier-docker | |
| tags: ${{ env.zt_dev_sha }}-debian | |
| layers: true | |
| containerfiles: | | |
| ./Dockerfile.debian | |
| build-args: | | |
| zt_version=dev | |
| quay_expiration=1w | |
| - name: Push to Quay - origin branch dev | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: ${{ steps.build-dev-debian.outputs.image }} | |
| tags: ${{ steps.build-dev-debian.outputs.tags }} | |
| registry: quay.io/zenithtecnologia | |
| - name: Push to Quay - origin branch dev - sha commit | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: ${{ steps.build-sha-debian.outputs.image }} | |
| tags: ${{ steps.build-sha-debian.outputs.tags }} | |
| registry: quay.io/zenithtecnologia | |
| - name: Update caching for podman | |
| uses: actions/cache/save@v3 | |
| with: | |
| path: | | |
| ~/.local/share/containers | |
| key: ${{ steps.cache-podman-restore.outputs.cache-primary-key }} | |
| - name: Run Trivy vulnerability scanner - origin branch dev | |
| run: | | |
| podman run --privileged -v /tmp/podman.sock:/var/run/docker.sock -v ./:/data docker.io/aquasec/trivy:latest image --quiet --format sarif --output /data/zerotier-docker-debian.sarif --severity CRITICAL,HIGH --vuln-type os,library --ignore-unfixed ${{ steps.build-dev-debian.outputs.image }} | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'zerotier-docker-debian.sarif' |