Build OpenSSL Build Environment #68
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build OpenSSL Build Environment | |
| on: | |
| push: | |
| branches: [ main ] | |
| paths: | |
| - '!**' | |
| - '.github/workflows/build-openssl-buildenv.yaml' | |
| env: | |
| DOCKERHUB_SLUG: "madnuttah/unbound" | |
| VERSION: "3.2.1-1" | |
| jobs: | |
| linux_x86: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: step-security/harden-runner@v2 | |
| with: | |
| egress-policy: block | |
| disable-telemetry: true | |
| allowed-endpoints: | |
| dl-cdn.alpinelinux.org:443 | |
| github.com:443 | |
| docker.io | |
| index.docker.io | |
| auth.docker.io:443 | |
| registry-1.docker.io:443 | |
| production.cloudflare.docker.com:443 | |
| objects.githubusercontent.com:443 | |
| keys.openpgp.org:443 | |
| keyserver.ubuntu.com:443 | |
| pipelines.actions.githubusercontent.com:443 | |
| www.openssl.org:443 | |
| - name: Checkout source | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Dockerhub | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: linux_x86 | |
| uses: docker/build-push-action@v5 | |
| with: | |
| platforms: linux/386 | |
| builder: ${{ steps.buildx.outputs.name }} | |
| file: ./openssl/linux_x86.Dockerfile | |
| push: ${{ github.event_name != 'pull_request' }} | |
| provenance: false | |
| tags: | | |
| ${{ env.DOCKERHUB_SLUG }}:openssl-buildenv-${{ env.VERSION }}-386 | |
| linux_arm_v6: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: step-security/harden-runner@v2 | |
| with: | |
| egress-policy: block | |
| disable-telemetry: true | |
| allowed-endpoints: | |
| dl-cdn.alpinelinux.org:443 | |
| github.com:443 | |
| docker.io | |
| index.docker.io | |
| auth.docker.io:443 | |
| registry-1.docker.io:443 | |
| production.cloudflare.docker.com:443 | |
| objects.githubusercontent.com:443 | |
| keys.openpgp.org:443 | |
| keyserver.ubuntu.com:443 | |
| pipelines.actions.githubusercontent.com:443 | |
| www.openssl.org:443 | |
| - name: Checkout source | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Dockerhub | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: linux_arm_v6 | |
| uses: docker/build-push-action@v5 | |
| with: | |
| platforms: linux/arm/v6 | |
| builder: ${{ steps.buildx.outputs.name }} | |
| file: ./openssl/linux_arm.Dockerfile | |
| push: ${{ github.event_name != 'pull_request' }} | |
| provenance: false | |
| tags: | | |
| ${{ env.DOCKERHUB_SLUG }}:openssl-buildenv-${{ env.VERSION }}-armv6 | |
| linux_arm_v7: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: step-security/harden-runner@v2 | |
| with: | |
| egress-policy: block | |
| disable-telemetry: true | |
| allowed-endpoints: | |
| dl-cdn.alpinelinux.org:443 | |
| github.com:443 | |
| docker.io | |
| index.docker.io | |
| auth.docker.io:443 | |
| registry-1.docker.io:443 | |
| production.cloudflare.docker.com:443 | |
| objects.githubusercontent.com:443 | |
| keys.openpgp.org:443 | |
| keyserver.ubuntu.com:443 | |
| pipelines.actions.githubusercontent.com:443 | |
| www.openssl.org:443 | |
| - name: Checkout source | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Dockerhub | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: linux_arm_v7 | |
| uses: docker/build-push-action@v5 | |
| with: | |
| platforms: linux/arm/v7 | |
| builder: ${{ steps.buildx.outputs.name }} | |
| file: ./openssl/linux_arm.Dockerfile | |
| push: ${{ github.event_name != 'pull_request' }} | |
| provenance: false | |
| tags: | | |
| ${{ env.DOCKERHUB_SLUG }}:openssl-buildenv-${{ env.VERSION }}-armv7 | |
| linux_arm64: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: step-security/harden-runner@v2 | |
| with: | |
| egress-policy: block | |
| disable-telemetry: true | |
| allowed-endpoints: | |
| dl-cdn.alpinelinux.org:443 | |
| github.com:443 | |
| docker.io | |
| index.docker.io | |
| auth.docker.io:443 | |
| registry-1.docker.io:443 | |
| production.cloudflare.docker.com:443 | |
| objects.githubusercontent.com:443 | |
| keys.openpgp.org:443 | |
| keyserver.ubuntu.com:443 | |
| pipelines.actions.githubusercontent.com:443 | |
| www.openssl.org:443 | |
| - name: Checkout source | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Dockerhub | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: linux_arm64 | |
| uses: docker/build-push-action@v5 | |
| with: | |
| platforms: linux/arm64 | |
| builder: ${{ steps.buildx.outputs.name }} | |
| file: ./openssl/linux_64.Dockerfile | |
| push: ${{ github.event_name != 'pull_request' }} | |
| provenance: false | |
| tags: | | |
| ${{ env.DOCKERHUB_SLUG }}:openssl-buildenv-${{ env.VERSION }}-arm64 | |
| linux_amd64: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: step-security/harden-runner@v2 | |
| with: | |
| egress-policy: block | |
| disable-telemetry: true | |
| allowed-endpoints: | |
| dl-cdn.alpinelinux.org:443 | |
| github.com:443 | |
| docker.io | |
| index.docker.io | |
| auth.docker.io:443 | |
| registry-1.docker.io:443 | |
| production.cloudflare.docker.com:443 | |
| objects.githubusercontent.com:443 | |
| keys.openpgp.org:443 | |
| keyserver.ubuntu.com:443 | |
| pipelines.actions.githubusercontent.com:443 | |
| www.openssl.org:443 | |
| - name: Checkout source | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Dockerhub | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: linux_amd64 | |
| uses: docker/build-push-action@v5 | |
| with: | |
| platforms: linux/amd64 | |
| builder: ${{ steps.buildx.outputs.name }} | |
| file: ./openssl/linux_64.Dockerfile | |
| push: ${{ github.event_name != 'pull_request' }} | |
| provenance: false | |
| tags: | | |
| ${{ env.DOCKERHUB_SLUG }}:openssl-buildenv-${{ env.VERSION }}-amd64 | |
| create-manifest-list: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - linux_x86 | |
| - linux_arm_v6 | |
| - linux_arm_v7 | |
| - linux_arm64 | |
| - linux_amd64 | |
| steps: | |
| - uses: step-security/harden-runner@v2 | |
| with: | |
| egress-policy: block | |
| disable-telemetry: true | |
| allowed-endpoints: | |
| github.com:443 | |
| docker.io | |
| index.docker.io | |
| auth.docker.io:443 | |
| registry-1.docker.io:443 | |
| production.cloudflare.docker.com:443 | |
| objects.githubusercontent.com:443 | |
| pipelines.actions.githubusercontent.com:443 | |
| - name: Checkout source | |
| uses: actions/checkout@v4 | |
| - name: Login to Dockerhub | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Create and push multiarch manifests | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| docker manifest create ${{ env.DOCKERHUB_SLUG }}:openssl-buildenv-${{ env.VERSION }} \ | |
| --amend ${{ env.DOCKERHUB_SLUG }}:openssl-buildenv-${{ env.VERSION }}-386 \ | |
| --amend ${{ env.DOCKERHUB_SLUG }}:openssl-buildenv-${{ env.VERSION }}-arm64 \ | |
| --amend ${{ env.DOCKERHUB_SLUG }}:openssl-buildenv-${{ env.VERSION }}-amd64 \ | |
| --amend ${{ env.DOCKERHUB_SLUG }}:openssl-buildenv-${{ env.VERSION }}-armv6 \ | |
| --amend ${{ env.DOCKERHUB_SLUG }}:openssl-buildenv-${{ env.VERSION }}-armv7 | |
| docker manifest push ${{ env.DOCKERHUB_SLUG }}:openssl-buildenv-${{ env.VERSION }} |