ignore hcl files in code spell checker #229
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json | |
name: ci | |
on: | |
push: | |
paths: | |
- '**/Dockerfile' | |
- '**/toolsets/*.json' | |
- '**/.github/workflows/ci.yml' | |
pull_request: | |
branches: [main] | |
workflow_dispatch: | |
permissions: | |
contents: read | |
packages: write | |
pull-requests: write | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
platforms: ${{ github.event_name == 'pull_request' && fromJson('["linux/amd64", "linux/arm64"]') || fromJson('["linux/amd64,linux/arm64"]') }} | |
from-version: ['22.04', '20.04'] | |
include: | |
- from-version: '22.04' | |
from-version-major: '22' | |
from-version-minor: '04' | |
distro: 'ubuntu' | |
codename: 'jammy' | |
from-flavor: 'act' | |
- from-version: '20.04' | |
from-version-major: '20' | |
from-version-minor: '04' | |
distro: 'ubuntu' | |
codename: 'focal' | |
from-flavor: 'act' | |
env: | |
BUILDKIT_PROGRESS: plain | |
FROM_IMAGE_PATH: /tmp/${{ matrix.distro }}-${{ matrix.from-version }}.tar | |
IMAGE_NAME: ${{ format('{0}-{1}', matrix.distro, matrix.from-flavor) }} | |
IMAGE_REPOSITORY: ${{ format('{0}/{1}-{2}', vars.DOCKERHUB_USER || github.repository_owner, matrix.distro, matrix.from-flavor) }} | |
REGISTRY: ${{ vars.DOCKERHUB_USER && 'docker.io' || 'ghcr.io' }} | |
SHA: ${{ github.event.pull_request.head.sha || github.event.after || github.sha }} | |
TO_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}', 'docker.io', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version) }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Free up disk space | |
uses: ./.github/actions/free-space | |
with: | |
deleteDotnet: 'true' | |
deleteAndroid: 'true' | |
- name: Set up QEMU | |
uses: docker/[email protected] | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
with: | |
driver: docker-container | |
driver-opts: image=moby/buildkit:v0.12.2,network=host | |
install: true | |
use: true | |
cleanup: true | |
platforms: ${{ matrix.platforms }} | |
# Login against a Docker registry | |
# https://github.com/docker/login-action | |
- name: Login to ${{ env.REGISTRY }} | |
uses: docker/[email protected] | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ vars.DOCKERHUB_USER || github.repository_owner }} | |
password: ${{ secrets.DOCKERHUB_TOKEN || secrets.GITHUB_TOKEN }} | |
logout: true | |
# Extract metadata (tags, labels) for Docker | |
# https://github.com/docker/metadata-action | |
- name: Extract Docker metadata | |
id: meta | |
uses: docker/[email protected] | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
images: ${{ github.actor == 'nektos/act' && env.IMAGE_REPOSITORY || env.REGISTRY_IMAGE }} | |
tags: | | |
type=sha,prefix=${{ matrix.from-version }}-,format=short,enable=${{ github.ref == 'refs/heads/main' }},priority=1000 | |
type=raw,value=${{ matrix.from-version }},enable=${{ github.ref == 'refs/heads/main' }},priority=900 | |
type=raw,value=${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }},priority=600 | |
flavor: | | |
latest=${{ github.ref == 'refs/heads/main' && matrix.from-version == '22.04' }} | |
labels: | | |
org.opencontainers.image.authors='${{ env.REPOSITORY_LINK }},${{ github.actor }}' | |
org.opencontainers.image.description=${{ github.event.repository.description }} | |
org.opencontainers.image.documentation=${{ env.REPOSITORY_LINK }} | |
org.opencontainers.image.revision=${{ env.SHA }} | |
org.opencontainers.image.source=${{ github.repositoryUrl }} | |
org.opencontainers.image.title=${{ env.IMAGE_REPOSITORY }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} | |
org.opencontainers.image.url=${{ env.REPOSITORY_LINK }}/blob/${{ env.SHA }}/linux/${{ matrix.distro }}/Dockerfile | |
org.opencontainers.image.vendor=${{ github.repository_owner }} | |
env: | |
REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} | |
REPOSITORY_LINK: https://github.com/${{ github.repository }} | |
# Get the architecture to use for the cache tag | |
- name: get arch | |
id: cache-arch | |
if: github.event_name == 'pull_request' | |
run: >- | |
printf "CACHE_ARCH=%s\n" "$( | |
docker run | |
--quiet | |
--platform ${{ matrix.platforms }} | |
--rm | |
"${PULL_IMAGE}" | |
/bin/bash -c "dpkg --print-architecture" | |
)" >> "$GITHUB_OUTPUT" | |
env: | |
PULL_IMAGE: ${{ format('{0}:{1}', matrix.distro, matrix.codename) }} | |
- name: Build and Push | |
uses: docker/[email protected] | |
with: | |
files: docker-bake.hcl | |
set: | | |
ubuntu*.platform=${{ matrix.platforms }} | |
ubuntu*.output=type=${{ env.OUTPUT_TYPE }},${{ env.OUTPUT_KIND }} | |
${{ github.event_name == 'pull_request' && github.actor != 'nektos/act' && format('--set *.cache-to=type=registry,ref={0}:cache-{1}-{2},mode=max', env.REGISTRY_IMAGE, matrix.codename, steps.cache-arch.outputs.CACHE_ARCH) || '' }} | |
env: | |
OUTPUT_KIND: ${{ github.event_name != 'pull_request' && 'push=true' || format('dest={0}', env.FROM_IMAGE_PATH) }} | |
OUTPUT_TYPE: ${{ github.event_name != 'pull_request' && 'registry' || 'docker' }} | |
REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} | |
# vulnerability scanning to verify PRs | |
- name: Docker Scout | |
id: docker-scout | |
uses: docker/[email protected] | |
if: github.event_name == 'pull_request' | |
with: | |
platform: ${{ matrix.platforms }} | |
command: quickview | |
image: ${{ env.FROM_IMAGE_PATH }} | |
type: archive | |
to: ${{ env.TO_TAG }} | |
ignore-unchanged: true | |
only-severities: critical | |
write-comment: ${{ github.actor != 'nektos/act' }} | |
summary: ${{ github.actor != 'nektos/act' }} | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
organization: ${{ vars.DOCKERHUB_USER || github.repository_owner }} | |
approve-pr: | |
name: Approve PR | |
runs-on: ubuntu-latest | |
needs: [build] | |
if: github.actor != 'nektos/act' && contains(fromJson('["mauwii","dependabot[bot]"]'), github.triggering_actor) && github.event_name == 'pull_request' && needs.build.result == 'success' | |
permissions: | |
contents: read | |
pull-requests: write | |
actions: write | |
steps: | |
# approve the PR (there is still a code-owner review necessary) | |
- name: Approve PR | |
run: gh pr review --approve "$PR_URL" | |
env: | |
PR_URL: ${{github.event.pull_request.html_url}} | |
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
# auto merge dependabot PRs | |
- name: Merge DependaBot | |
if: github.actor == 'dependabot[bot]' && needs.build.result == 'success' | |
run: gh pr merge --auto --merge "$PR_URL" | |
env: | |
PR_URL: ${{github.event.pull_request.html_url}} | |
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} |