Skip to content

[Snyk] Fix for 2 vulnerabilities #406

[Snyk] Fix for 2 vulnerabilities

[Snyk] Fix for 2 vulnerabilities #406

name: Docker
on:
push:
branches:
- master
- release-*
# Run tests for any PRs.
pull_request:
jobs:
docker:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Cache Docker layers
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Docker meta (controller)
id: controller-meta
uses: docker/metadata-action@v3
with:
images: |
quay.io/codefresh/argo-rollouts
ghcr.io/codefresh-io/argo-rollouts
tags: |
type=ref,event=branch
flavor: |
latest=${{ github.ref == 'refs/heads/master' }}
- name: Docker meta (plugin)
id: plugin-meta
uses: docker/metadata-action@v3
with:
images: |
quay.io/codefresh/kubectl-argo-rollouts
ghcr.io/codefresh-io/kubectl-argo-rollouts
tags: |
type=ref,event=branch
flavor: |
latest=${{ github.ref == 'refs/heads/master' }}
- name: Login to GitHub Container Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Quay.io
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_ROBOT_TOKEN }}
# avoid building linux/arm64 for PRs since it takes so long
- name: Set Platform Matrix
id: platform-matrix
run: |
PLATFORM_MATRIX=linux/amd64
if [ ${{ github.event_name != 'pull_request' }} = true ]; then
PLATFORM_MATRIX=$PLATFORM_MATRIX,linux/arm64
fi
echo "::set-output name=platform-matrix::$PLATFORM_MATRIX"
- name: Build and push (controller-image)
uses: docker/build-push-action@v2
with:
platforms: ${{ steps.platform-matrix.outputs.platform-matrix }}
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.controller-meta.outputs.tags }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
- name: Build and push (plugin-image)
uses: docker/build-push-action@v2
with:
target: kubectl-argo-rollouts
platforms: ${{ steps.platform-matrix.outputs.platform-matrix }}
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.plugin-meta.outputs.tags }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache