-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
efbb098
commit d5e51e3
Showing
8 changed files
with
227 additions
and
224 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,98 +1,98 @@ | ||
| name: build | ||
| # name: build | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| # on: | ||
| # workflow_dispatch: | ||
|
|
||
| env: | ||
| BIN_NAME: ${{ vars.BIN_NAME }} | ||
| PKG_NAME: 'docker-operator' | ||
| DOCKER_HUB_REPO: 'arybolovlev/docker-operator' | ||
| # env: | ||
| # BIN_NAME: ${{ vars.BIN_NAME }} | ||
| # PKG_NAME: 'docker-operator' | ||
| # DOCKER_HUB_REPO: 'arybolovlev/docker-operator' | ||
|
|
||
| jobs: | ||
| set-product-version: | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| product-version: ${{ steps.set-product-version.outputs.product-version }} | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 | ||
| - name: Set product version | ||
| id: set-product-version | ||
| uses: hashicorp/actions-set-product-version@06bddb8ee70f0dda2e21c39b5f0913d36cc9d657 # v1 | ||
| # jobs: | ||
| # set-product-version: | ||
| # runs-on: ubuntu-latest | ||
| # outputs: | ||
| # product-version: ${{ steps.set-product-version.outputs.product-version }} | ||
| # steps: | ||
| # - name: Checkout repository | ||
| # uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 | ||
| # - name: Set product version | ||
| # id: set-product-version | ||
| # uses: hashicorp/actions-set-product-version@06bddb8ee70f0dda2e21c39b5f0913d36cc9d657 # v1 | ||
|
|
||
| generate-metadata-file: | ||
| needs: set-product-version | ||
| runs-on: ubuntu-latest | ||
| env: | ||
| METADATA_FILE_NAME: 'metadata.json' | ||
| outputs: | ||
| filepath: ${{ steps.generate-metadata-file.outputs.filepath }} | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 | ||
| - name: Generate metadata file | ||
| id: generate-metadata-file | ||
| uses: hashicorp/actions-generate-metadata@fdbc8803a0e53bcbb912ddeee3808329033d6357 # v1.1.1 | ||
| with: | ||
| version: ${{ needs.set-product-version.outputs.product-version }} | ||
| product: ${{ env.PKG_NAME }} | ||
| repositoryOwner: 'hashicorp' | ||
| metadataFileName: ${{ env.METADATA_FILE_NAME }} | ||
| - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | ||
| with: | ||
| name: metadata.json | ||
| path: ${{ env.METADATA_FILE_NAME }} | ||
| # generate-metadata-file: | ||
| # needs: set-product-version | ||
| # runs-on: ubuntu-latest | ||
| # env: | ||
| # METADATA_FILE_NAME: 'metadata.json' | ||
| # outputs: | ||
| # filepath: ${{ steps.generate-metadata-file.outputs.filepath }} | ||
| # steps: | ||
| # - name: Checkout repository | ||
| # uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 | ||
| # - name: Generate metadata file | ||
| # id: generate-metadata-file | ||
| # uses: hashicorp/actions-generate-metadata@fdbc8803a0e53bcbb912ddeee3808329033d6357 # v1.1.1 | ||
| # with: | ||
| # version: ${{ needs.set-product-version.outputs.product-version }} | ||
| # product: ${{ env.PKG_NAME }} | ||
| # repositoryOwner: 'hashicorp' | ||
| # metadataFileName: ${{ env.METADATA_FILE_NAME }} | ||
| # - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | ||
| # with: | ||
| # name: metadata.json | ||
| # path: ${{ env.METADATA_FILE_NAME }} | ||
|
|
||
| build: | ||
| name: Go Linux ${{ matrix.arch }} build | ||
| needs: [set-product-version] | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| go-version: ${{ steps.set-up-go.outputs.go-version }} | ||
| strategy: | ||
| matrix: | ||
| arch: ["amd64", "arm64"] | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 | ||
| - name: Setup Go | ||
| id: set-up-go | ||
| uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 | ||
| with: | ||
| go-version-file: 'go.mod' | ||
| - name: Go build | ||
| uses: hashicorp/actions-go-build@e20c6be7bf010e40e930dab20e6da63176725ec1 # v0.1.9 | ||
| with: | ||
| product_name: ${{ env.PKG_NAME }} | ||
| product_version: ${{ needs.set-product-version.outputs.product-version }} | ||
| bin_name: ${{ env.BIN_NAME }} | ||
| go_version: ${{ steps.set-up-go.outputs.go-version }} | ||
| os: linux | ||
| arch: ${{ matrix.arch }} | ||
| reproducible: report | ||
| instructions: | | ||
| go build -trimpath -o $BIN_PATH main.go | ||
| # build: | ||
| # name: Go Linux ${{ matrix.arch }} build | ||
| # needs: [set-product-version] | ||
| # runs-on: ubuntu-latest | ||
| # outputs: | ||
| # go-version: ${{ steps.set-up-go.outputs.go-version }} | ||
| # strategy: | ||
| # matrix: | ||
| # arch: ["amd64", "arm64"] | ||
| # steps: | ||
| # - name: Checkout repository | ||
| # uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 | ||
| # - name: Setup Go | ||
| # id: set-up-go | ||
| # uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 | ||
| # with: | ||
| # go-version-file: 'go.mod' | ||
| # - name: Go build | ||
| # uses: hashicorp/actions-go-build@e20c6be7bf010e40e930dab20e6da63176725ec1 # v0.1.9 | ||
| # with: | ||
| # product_name: ${{ env.PKG_NAME }} | ||
| # product_version: ${{ needs.set-product-version.outputs.product-version }} | ||
| # bin_name: ${{ env.BIN_NAME }} | ||
| # go_version: ${{ steps.set-up-go.outputs.go-version }} | ||
| # os: linux | ||
| # arch: ${{ matrix.arch }} | ||
| # reproducible: report | ||
| # instructions: | | ||
| # go build -trimpath -o $BIN_PATH main.go | ||
|
|
||
| build-docker: | ||
| name: Docker ${{ matrix.arch }} build | ||
| needs: [build, set-product-version] | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| arch: ["amd64", "arm64"] | ||
| # build-docker: | ||
| # name: Docker ${{ matrix.arch }} build | ||
| # needs: [build, set-product-version] | ||
| # runs-on: ubuntu-latest | ||
| # strategy: | ||
| # matrix: | ||
| # arch: ["amd64", "arm64"] | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 | ||
| - name: Docker build | ||
| uses: hashicorp/actions-docker-build@5e6230693cdbf8a6485b36f17740447ad28bf353 # v1.3.4 | ||
| env: | ||
| VERSION: ${{ needs.set-product-version.outputs.product-version }} | ||
| GO_VERSION: ${{ needs.build.outputs.go-version }} | ||
| with: | ||
| version: ${{ env.VERSION }} | ||
| bin_name: ${{ env.BIN_NAME }} | ||
| target: release-default | ||
| arch: ${{ matrix.arch }} | ||
| tags: | | ||
| docker.io/${{ env.DOCKER_HUB_REPO }}:${{ env.VERSION }} | ||
| # steps: | ||
| # - name: Checkout repository | ||
| # uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 | ||
| # - name: Docker build | ||
| # uses: hashicorp/actions-docker-build@5e6230693cdbf8a6485b36f17740447ad28bf353 # v1.3.4 | ||
| # env: | ||
| # VERSION: ${{ needs.set-product-version.outputs.product-version }} | ||
| # GO_VERSION: ${{ needs.build.outputs.go-version }} | ||
| # with: | ||
| # version: ${{ env.VERSION }} | ||
| # bin_name: ${{ env.BIN_NAME }} | ||
| # target: release-default | ||
| # arch: ${{ matrix.arch }} | ||
| # tags: | | ||
| # docker.io/${{ env.DOCKER_HUB_REPO }}:${{ env.VERSION }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,6 +2,8 @@ name: Build and Publish Docker Image | |
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - 'main' | ||
| tags: | ||
| - "v[0-9]+.[0-9]+.[0-9]+*" | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,51 +1,51 @@ | ||
| name: Scan Docker Image | ||
| # name: Scan Docker Image | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| # on: | ||
| # workflow_dispatch: | ||
|
|
||
| env: | ||
| DOCKER_IMAGE: docker-operator | ||
| BIN_NAME: docker-operator | ||
| # env: | ||
| # DOCKER_IMAGE: docker-operator | ||
| # BIN_NAME: docker-operator | ||
|
|
||
| jobs: | ||
| release-docker-hub: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Docker image metadata | ||
| id: meta | ||
| uses: docker/metadata-action@v4 | ||
| with: | ||
| images: ${{ env.DOCKER_IMAGE }} | ||
| tags: | | ||
| type=sha,format=long | ||
| # jobs: | ||
| # release-docker-hub: | ||
| # runs-on: ubuntu-latest | ||
| # steps: | ||
| # - name: Docker image metadata | ||
| # id: meta | ||
| # uses: docker/metadata-action@v4 | ||
| # with: | ||
| # images: ${{ env.DOCKER_IMAGE }} | ||
| # tags: | | ||
| # type=sha,format=long | ||
|
|
||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v2 | ||
| with: | ||
| platforms: amd64 | ||
| # - name: Set up QEMU | ||
| # uses: docker/setup-qemu-action@v2 | ||
| # with: | ||
| # platforms: amd64 | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v2 | ||
| # - name: Set up Docker Buildx | ||
| # uses: docker/setup-buildx-action@v2 | ||
|
|
||
| - name: Build and load Docker image | ||
| uses: docker/build-push-action@v3 | ||
| with: | ||
| platforms: linux/amd64 | ||
| push: false | ||
| load: true | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| # - name: Build and load Docker image | ||
| # uses: docker/build-push-action@v3 | ||
| # with: | ||
| # platforms: linux/amd64 | ||
| # push: false | ||
| # load: true | ||
| # tags: ${{ steps.meta.outputs.tags }} | ||
|
|
||
| - name: Run Trivy vulnerability scanner | ||
| uses: aquasecurity/trivy-action@master | ||
| with: | ||
| scan-type: image | ||
| format: sarif | ||
| image-ref: ${{ steps.meta.outputs.tags }} | ||
| output: 'trivy-results.sarif' | ||
| exit-code: '1' | ||
| # - name: Run Trivy vulnerability scanner | ||
| # uses: aquasecurity/trivy-action@master | ||
| # with: | ||
| # scan-type: image | ||
| # format: sarif | ||
| # image-ref: ${{ steps.meta.outputs.tags }} | ||
| # output: 'trivy-results.sarif' | ||
| # exit-code: '1' | ||
|
|
||
| - name: Upload Trivy scan results to GitHub Security tab | ||
| uses: github/codeql-action/upload-sarif@v2 | ||
| with: | ||
| category: 'Trivy Security Scan' | ||
| sarif_file: 'trivy-results.sarif' | ||
| # - name: Upload Trivy scan results to GitHub Security tab | ||
| # uses: github/codeql-action/upload-sarif@v2 | ||
| # with: | ||
| # category: 'Trivy Security Scan' | ||
| # sarif_file: 'trivy-results.sarif' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,46 +1,46 @@ | ||
| name: Security Scan Docker Image | ||
| # name: Security Scan Docker Image | ||
|
|
||
| on: | ||
| pull_request_review: | ||
| types: [submitted] | ||
| workflow_dispatch: | ||
| # on: | ||
| # pull_request_review: | ||
| # types: [submitted] | ||
| # workflow_dispatch: | ||
|
|
||
| env: | ||
| DOCKER_IMAGE: docker-operator | ||
| # env: | ||
| # DOCKER_IMAGE: docker-operator | ||
|
|
||
| jobs: | ||
| security-scan-docker-image: | ||
| if: github.event.review.state == 'approved' | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Docker image metadata | ||
| id: meta | ||
| uses: docker/metadata-action@v4 | ||
| with: | ||
| images: ${{ env.DOCKER_IMAGE }} | ||
| tags: | | ||
| type=sha,format=long | ||
| # jobs: | ||
| # security-scan-docker-image: | ||
| # if: github.event.review.state == 'approved' | ||
| # runs-on: ubuntu-latest | ||
| # steps: | ||
| # - name: Docker image metadata | ||
| # id: meta | ||
| # uses: docker/metadata-action@v4 | ||
| # with: | ||
| # images: ${{ env.DOCKER_IMAGE }} | ||
| # tags: | | ||
| # type=sha,format=long | ||
|
|
||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v2 | ||
| with: | ||
| platforms: amd64 | ||
| # - name: Set up QEMU | ||
| # uses: docker/setup-qemu-action@v2 | ||
| # with: | ||
| # platforms: amd64 | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v2 | ||
| # - name: Set up Docker Buildx | ||
| # uses: docker/setup-buildx-action@v2 | ||
|
|
||
| - name: Build and load Docker image | ||
| uses: docker/build-push-action@v3 | ||
| with: | ||
| platforms: linux/amd64 | ||
| push: false | ||
| load: true | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| # - name: Build and load Docker image | ||
| # uses: docker/build-push-action@v3 | ||
| # with: | ||
| # platforms: linux/amd64 | ||
| # push: false | ||
| # load: true | ||
| # tags: ${{ steps.meta.outputs.tags }} | ||
|
|
||
| - name: Run Trivy vulnerability scanner | ||
| uses: aquasecurity/trivy-action@master | ||
| with: | ||
| scan-type: image | ||
| format: table | ||
| image-ref: ${{ steps.meta.outputs.tags }} | ||
| exit-code: '1' | ||
| # - name: Run Trivy vulnerability scanner | ||
| # uses: aquasecurity/trivy-action@master | ||
| # with: | ||
| # scan-type: image | ||
| # format: table | ||
| # image-ref: ${{ steps.meta.outputs.tags }} | ||
| # exit-code: '1' |
Oops, something went wrong.