From bc7b31536b42638fc5e2f766b59b2f90d0940b01 Mon Sep 17 00:00:00 2001 From: mauwii Date: Fri, 15 Sep 2023 02:09:33 +0200 Subject: [PATCH 01/53] update ci.yml - change push trigger to main branch - run local registry for PRs - add env.CACHE_FROM_REGISTRY - update env.IMAGE_REPOSITORY - remove docker credentials from env - use docker driver if PR - update metadata-action to v4.6.0 - update docker tag priority, make sha highest - fix label org.opencontainers.image.title - don't write cache if PR --- .github/workflows/ci.yml | 55 +++++++++++++++++++++++----------------- 1 file changed, 32 insertions(+), 23 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 615da1b..f2feca3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,6 +2,7 @@ name: ci on: push: + branches: [main] paths: - '**/Dockerfile' - '**/toolsets/*.json' @@ -34,13 +35,17 @@ jobs: distro: 'ubuntu' codename: 'focal' from-flavor: 'act' + services: + registry: + image: registry:2 + ports: [5000] + # options: --entrypoint /bin/registry env: - REGISTRY: docker.io + CACHE_FROM_REGISTRY: docker.io IMAGE_NAME: ${{ format('{0}-{1}', matrix.distro, matrix.from-flavor) }} - IMAGE_REPOSITORY: ${{ format('{0}/{1}', github.repository_owner, format('{0}-{1}', matrix.distro, matrix.from-flavor)) }} + IMAGE_REPOSITORY: ${{ format('{0}/{1}-{2}', github.repository_owner, matrix.distro, matrix.from-flavor) }} SHA: ${{ github.event.pull_request.head.sha || github.event.after }} - DOCKERHUB_USERNAME: ${{ github.repository_owner }} - DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} + REGISTRY: ${{ github.event_name == 'pull_request' && format('{0}:{1}','localhost', '5000') || 'docker.io' }} steps: - uses: actions/checkout@v4 
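Review bot: The new `services.registry` entry in patch 01's second hunk (`@@ -34,13 +35,17 @@`) pulls `image: registry:2`, a mutable tag, so each run executes whatever that tag points to at pull time; `image: registry:2@sha256:<digest>` (placeholder, take the digest from a pull you have verified) makes the input fixed. The same applies to the references touched later in this series, which are pinned to version tags only: `docker/setup-buildx-action@v2.10.0`, `docker/login-action@v2.2.0`, `docker/metadata-action@v4.6.0`, `docker/scout-action@v0.23.4` and `image=moby/buildkit:v0.12.2`. Several of those steps receive `secrets.DOCKERHUB_TOKEN` or `secrets.GITHUB_TOKEN`, so a full commit SHA with the version in a trailing comment, e.g. `uses: docker/metadata-action@<full-commit-sha> # v4.6.0`, is the safer form. The `jobs:` block starts outside this hunk.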
@@ -55,10 +60,10 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2.10.0 - # with: - # driver-opts: | - # image=moby/buildkit:v0.12.2 - # network=host + with: + driver: ${{ github.event_name == 'pull_request' && 'docker' || 'docker-container' }} + driver-opts: ${{ github.event_name == 'pull_request' && 'network=host,image=moby/buildkit:v0.12.2' || '' }} + install: ${{ github.event_name == 'pull_request' && true || false }} # - name: Login to GitHub Container Registry # uses: docker/login-action@v2.1.0 @@ -71,24 +76,25 @@ jobs: # https://github.com/docker/login-action - name: Login to Docker Hub uses: docker/login-action@v2.2.0 + if: vars.DOCKERHUB_USER != '' with: - registry: ${{ env.REGISTRY }} - username: ${{ env.DOCKERHUB_USERNAME }} - password: ${{ env.DOCKERHUB_TOKEN }} + registry: ${{ env.CACHE_FROM_REGISTRY }} + username: ${{ vars.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_TOKEN }} logout: true # Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta - uses: docker/metadata-action@v4.4.0 + uses: docker/metadata-action@v4.6.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} - images: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} + images: ${{ github.event_name != 'pull_request' && format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) || env.IMAGE_REPOSITORY }} tags: | + type=sha,prefix=${{ matrix.from-version }}-,format=short,enable={{is_default_branch}},priority=1000 type=raw,value=${{ matrix.from-version }},enable={{is_default_branch}},priority=900 type=raw,value=${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }},priority=600 - type=sha,prefix=${{ matrix.from-version }}-,format=short,enable={{is_default_branch}},priority=100 flavor: | latest=${{ github.ref == format('refs/heads/{0}', 'main') && matrix.from-version == '22.04' }} labels: | 
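Review bot: The added gate `if: vars.DOCKERHUB_USER != ''` on the Docker Hub login step (second hunk, `@@ -71,24 +76,25 @@`) looks only at the variable, so the step also runs for `pull_request` events, where this patch already routes the image to `localhost:5000`. Secrets are not passed to workflows triggered from forks, so on those runs `password` would be empty and the login, and with it the job, is likely to fail before the build starts. If the cache images on `docker.io` can be pulled anonymously (not visible here), `if: vars.DOCKERHUB_USER != '' && github.event_name != 'pull_request'` keeps the registry login out of PR runs altogether.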
@@ -97,7 +103,7 @@ jobs: org.opencontainers.image.documentation=${{ env.REPOSITORY_LINK }} org.opencontainers.image.revision=${{ env.SHA }} org.opencontainers.image.source=${{ github.repositoryUrl }} - org.opencontainers.image.title=${{ env.IMAGE_REPOSITORY }}:${{ github.head_ref || github.ref_name }} + org.opencontainers.image.title=${{ env.IMAGE_REPOSITORY }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} org.opencontainers.image.url=${{ env.REPOSITORY_LINK }}/blob/${{ env.SHA }}/linux/${{ matrix.distro }}/Dockerfile org.opencontainers.image.vendor=${{ github.repository_owner }} env: @@ -125,15 +131,15 @@ jobs: CODENAME=${{ matrix.codename }} # caching to speed up the build cache-from: | - type=registry,ref=${{ env.REGISTRY_IMAGE }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} - type=registry,ref=${{ env.REGISTRY_IMAGE }}:cache-${{ matrix.codename }} + ${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY, matrix.from-version) }} + ${{ format('type=registry,ref={0}:cache-{1}',env.CACHE_FROM_REGISTRY, matrix.codename) }} # cache exporter doesn't work with docker driver - cache-to: | - type=registry,ref=${{ env.REGISTRY_IMAGE }}:cache-${{ matrix.codename }},mode=max + cache-to: ${{ github.event_name != 'pull_request' && format('type=registry,ref={0}:cache-{1},mode=max',env.REGISTRY_IMAGE, matrix.codename) || '' }} # this will give us some useful information about the build provenance: mode=max - push: true - # outputs: type=image,name=${{ env.REGISTRY_IMAGE }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }},push=true + # push if not a PR, load if a PR + push: ${{ github.event_name != 'pull_request' }} + load: ${{ github.event_name == 'pull_request' }} env: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} 
@@ -145,14 +151,17 @@ jobs: with: command: sbom,compare image: ${{ steps.meta.outputs.tags }} - to: ${{ format('{0}/{1}:{2}', env.REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version) }} - organization: ${{ github.repository_owner }} + # image: ${{ format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} + to: ${{ format('{0}/{1}:{2}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version) }} + organization: ${{ vars.DOCKERHUB_USER }} ignore-unchanged: true only-severities: critical write-comment: ${{ github.actor != 'nektos/act' }} keep-previous-comments: true summary: ${{ github.actor != 'nektos/act' }} github-token: ${{ secrets.GITHUB_TOKEN }} + dockerhub-user: ${{ vars.DOCKERHUB_USER }} + dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }} # ToDo: Move into a separate workflow and depend on ci and mega-linter approve-pr: From bec74c1cfd2b79d2456e8bfffdbcf291478a0a17 Mon Sep 17 00:00:00 2001 From: mauwii Date: Fri, 15 Sep 2023 02:34:47 +0200 Subject: [PATCH 02/53] split platforms on PR --- .github/workflows/ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f2feca3..d77cb05 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,6 +22,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: + platforms: ${{ github.event_name == 'pull_request' && fromJson(format('["{0}","{1}"]', 'linux/amd64','linux/arm64')) || fromJson('["linux/amd64,linux/arm64"]') }} include: - from-version: '22.04' from-version-major: '22' @@ -119,7 +120,7 @@ jobs: # github-token for the repository context github-token: ${{ secrets.GITHUB_TOKEN }} file: ./linux/${{ matrix.distro }}/Dockerfile - platforms: linux/amd64,linux/arm64 + platforms: ${{ matrix.platforms }} labels: ${{ steps.meta.outputs.labels }} tags: ${{ steps.meta.outputs.tags }} build-args: | From be64ecfb6ff6fa877a14b3b0e82044ec8779c413 Mon Sep 17 00:00:00 2001 
From: mauwii Date: Fri, 15 Sep 2023 04:34:14 +0200 Subject: [PATCH 03/53] update ci.yml - fix matrix - use docker-container driver for buildkit - always use image=moby/buildkit:v0.12.2 - fixed registry for login to docker hub - add platform to tag for PRs --- .github/workflows/ci.yml | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d77cb05..304a725 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,6 +23,7 @@ jobs: strategy: matrix: platforms: ${{ github.event_name == 'pull_request' && fromJson(format('["{0}","{1}"]', 'linux/amd64','linux/arm64')) || fromJson('["linux/amd64,linux/arm64"]') }} + from-version: [ '22.04', '20.04' ] include: - from-version: '22.04' from-version-major: '22' @@ -39,7 +40,8 @@ jobs: services: registry: image: registry:2 - ports: [5000] + ports: + - 5000:5000 # options: --entrypoint /bin/registry env: CACHE_FROM_REGISTRY: docker.io @@ -62,9 +64,14 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2.10.0 with: - driver: ${{ github.event_name == 'pull_request' && 'docker' || 'docker-container' }} - driver-opts: ${{ github.event_name == 'pull_request' && 'network=host,image=moby/buildkit:v0.12.2' || '' }} - install: ${{ github.event_name == 'pull_request' && true || false }} + driver: docker-container + # driver: ${{ github.event_name == 'pull_request' && 'docker' || 'docker-container' }} + driver-opts: | + image=moby/buildkit:v0.12.2 + ${{ github.event_name == 'pull_request' && 'network=host' || '' }} + install: true + # install: ${{ github.event_name == 'pull_request' && 'true' || 'false' }} + platforms: ${{ matrix.platforms }} # - name: Login to GitHub Container Registry # uses: docker/login-action@v2.1.0 
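Review bot: `ports: - 5000:5000` in patch 03's second hunk (`@@ -39,7 +40,8 @@`) publishes the `registry:2` service on host port 5000 without a bind address, and nothing in the visible service definition configures authentication. On a GitHub-hosted runner the exposure is short-lived, but on a self-hosted runner it would leave an open, writable registry reachable by anything that can reach the host for the duration of the job. Binding to loopback, `- 127.0.0.1:5000:5000` (docker's host-IP form; confirm the runner passes it through unchanged), is enough for the `localhost:5000` pushes the workflow does.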
@@ -79,7 +86,7 @@ jobs: uses: docker/login-action@v2.2.0 if: vars.DOCKERHUB_USER != '' with: - registry: ${{ env.CACHE_FROM_REGISTRY }} + registry: docker.io username: ${{ vars.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_TOKEN }} logout: true @@ -98,6 +105,7 @@ jobs: type=raw,value=${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }},priority=600 flavor: | latest=${{ github.ref == format('refs/heads/{0}', 'main') && matrix.from-version == '22.04' }} + ${{ github.event_name == 'pull_request' && format('suffix=-{0}', matrix.platforms) || '' }} labels: | org.opencontainers.image.authors=['${{ env.REPOSITORY_LINK }}','${{ github.actor }}'] org.opencontainers.image.description=${{ github.event.repository.description }} @@ -134,7 +142,7 @@ jobs: cache-from: | ${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY, matrix.from-version) }} ${{ format('type=registry,ref={0}:cache-{1}',env.CACHE_FROM_REGISTRY, matrix.codename) }} - # cache exporter doesn't work with docker driver + # don't export cache on PR cache-to: ${{ github.event_name != 'pull_request' && format('type=registry,ref={0}:cache-{1},mode=max',env.REGISTRY_IMAGE, matrix.codename) || '' }} # this will give us some useful information about the build provenance: mode=max From 199bc1532f861cc5604ea6a3da2e8465f5b862dd Mon Sep 17 00:00:00 2001 From: mauwii Date: Fri, 15 Sep 2023 05:49:05 +0200 Subject: [PATCH 04/53] update ci.yml - fix bracket spacing - add CACHE_FROM_REGISTRY_IMAGE - remove image loading --- .github/workflows/ci.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 304a725..5b46906 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -22,8 +22,8 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - platforms: ${{ github.event_name == 'pull_request' && fromJson(format('["{0}","{1}"]', 'linux/amd64','linux/arm64')) || fromJson('["linux/amd64,linux/arm64"]') }} - from-version: [ '22.04', '20.04' ] + platforms: ${{ github.event_name == 'pull_request' && fromJson(format('["{0}", "{1}"]', 'linux/amd64','linux/arm64')) || fromJson('["linux/amd64,linux/arm64"]') }} + from-version: ['22.04', '20.04'] include: - from-version: '22.04' from-version-major: '22' @@ -140,17 +140,17 @@ jobs: CODENAME=${{ matrix.codename }} # caching to speed up the build cache-from: | - ${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY, matrix.from-version) }} - ${{ format('type=registry,ref={0}:cache-{1}',env.CACHE_FROM_REGISTRY, matrix.codename) }} + ${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.from-version) }} + ${{ format('type=registry,ref={0}:cache-{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.codename) }} # don't export cache on PR - cache-to: ${{ github.event_name != 'pull_request' && format('type=registry,ref={0}:cache-{1},mode=max',env.REGISTRY_IMAGE, matrix.codename) || '' }} + cache-to: ${{ github.event_name != 'pull_request' && format('type=registry,ref={0}:cache-{1},mode=max', env.REGISTRY_IMAGE, matrix.codename) || '' }} # this will give us some useful information about the build provenance: mode=max - # push if not a PR, load if a PR - push: ${{ github.event_name != 'pull_request' }} - load: ${{ github.event_name == 'pull_request' }} + # push if ref is refs/heads/main + push: ${{ github.ref == 'refs/heads/main' }} env: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} + CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }} # vulnerability scanning to verify PRs - name: Docker Scout From 499fec20acbdedbee5727a53f1c620c86170f35f Mon Sep 17 00:00:00 2001 
From: mauwii Date: Fri, 15 Sep 2023 10:39:40 +0200 Subject: [PATCH 05/53] update ci.yml - change values if running in act since act doesn't support services yet --- .github/workflows/ci.yml | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5b46906..ed9e580 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,7 +22,8 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - platforms: ${{ github.event_name == 'pull_request' && fromJson(format('["{0}", "{1}"]', 'linux/amd64','linux/arm64')) || fromJson('["linux/amd64,linux/arm64"]') }} + platforms: ['linux/amd64,linux/arm64'] + # platforms: ${{ github.event_name == 'pull_request' && fromJson(format('["{0}", "{1}"]', 'linux/amd64','linux/arm64')) || fromJson('["linux/amd64,linux/arm64"]') }} from-version: ['22.04', '20.04'] include: - from-version: '22.04' @@ -46,9 +47,9 @@ jobs: env: CACHE_FROM_REGISTRY: docker.io IMAGE_NAME: ${{ format('{0}-{1}', matrix.distro, matrix.from-flavor) }} - IMAGE_REPOSITORY: ${{ format('{0}/{1}-{2}', github.repository_owner, matrix.distro, matrix.from-flavor) }} + IMAGE_REPOSITORY: ${{ format('{0}/{1}-{2}', vars.DOCKERHUB_USER || github.repository_owner, matrix.distro, matrix.from-flavor) }} SHA: ${{ github.event.pull_request.head.sha || github.event.after }} - REGISTRY: ${{ github.event_name == 'pull_request' && format('{0}:{1}','localhost', '5000') || 'docker.io' }} + REGISTRY: ${{ github.ref == 'refs/heads/main' && format('{0}', vars.DOCKERHUB_USER != '' && 'docker.io' || 'ghcr.io') || 'localhost:5000' }} steps: - uses: actions/checkout@v4 
@@ -65,20 +66,19 @@ jobs: uses: docker/setup-buildx-action@v2.10.0 with: driver: docker-container - # driver: ${{ github.event_name == 'pull_request' && 'docker' || 'docker-container' }} - driver-opts: | - image=moby/buildkit:v0.12.2 - ${{ github.event_name == 'pull_request' && 'network=host' || '' }} + driver-opts: image=moby/buildkit:v0.12.2${{ github.ref != 'refs/heads/main' && ',network=host' || '' }} install: true - # install: ${{ github.event_name == 'pull_request' && 'true' || 'false' }} platforms: ${{ matrix.platforms }} - # - name: Login to GitHub Container Registry - # uses: docker/login-action@v2.1.0 - # with: - # registry: ghcr.io - # username: ${{ github.repository_owner }} - # password: ${{ secrets.GITHUB_TOKEN }} + # Login to github container registry + # https://github.com/docker/login-action + - name: Login to GitHub Container Registry + uses: docker/login-action@v2.1.0 + if: vars.DOCKERHUB_USER == '' + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} # Login against a Docker registry # https://github.com/docker/login-action 
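Review bot: The re-enabled GHCR login in patch 05 (`@@ -65,20 +66,19 @@`) is gated only by `if: vars.DOCKERHUB_USER == ''`, so it authenticates with `secrets.GITHUB_TOKEN` on every run, although the `REGISTRY` expression from the same patch sends everything except `refs/heads/main` to `localhost:5000`. Adding the ref to the condition, `if: vars.DOCKERHUB_USER == '' && github.ref == 'refs/heads/main'`, limits the login to the runs that actually publish. No `permissions:` block is visible in these hunks; pushing to `ghcr.io` needs `packages: write`, and declaring the job's permissions explicitly (for example `contents: read` plus `packages: write`) avoids depending on the repository default for the token. This step also uses `docker/login-action@v2.1.0` while the Docker Hub login below it uses `v2.2.0`.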
@@ -98,14 +98,13 @@ jobs: uses: docker/metadata-action@v4.6.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} - images: ${{ github.event_name != 'pull_request' && format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) || env.IMAGE_REPOSITORY }} + images: ${{ github.actor != 'nektos/act' && format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) || env.IMAGE_REPOSITORY }} tags: | type=sha,prefix=${{ matrix.from-version }}-,format=short,enable={{is_default_branch}},priority=1000 type=raw,value=${{ matrix.from-version }},enable={{is_default_branch}},priority=900 type=raw,value=${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }},priority=600 flavor: | latest=${{ github.ref == format('refs/heads/{0}', 'main') && matrix.from-version == '22.04' }} - ${{ github.event_name == 'pull_request' && format('suffix=-{0}', matrix.platforms) || '' }} labels: | org.opencontainers.image.authors=['${{ env.REPOSITORY_LINK }}','${{ github.actor }}'] org.opencontainers.image.description=${{ github.event.repository.description }} 
@@ -143,11 +142,12 @@ jobs: ${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.from-version) }} ${{ format('type=registry,ref={0}:cache-{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.codename) }} # don't export cache on PR - cache-to: ${{ github.event_name != 'pull_request' && format('type=registry,ref={0}:cache-{1},mode=max', env.REGISTRY_IMAGE, matrix.codename) || '' }} + cache-to: ${{ github.ref == 'refs/heads/main' && format('type=registry,ref={0}:cache-{1},mode=max', env.REGISTRY_IMAGE, matrix.codename) || '' }} # this will give us some useful information about the build provenance: mode=max - # push if ref is refs/heads/main - push: ${{ github.ref == 'refs/heads/main' }} + # push if not building with act + push: ${{ github.actor != 'nektos/act' }} + load: ${{ github.actor == 'nektos/act' }} env: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }} @@ -160,7 +160,7 @@ jobs: with: command: sbom,compare image: ${{ steps.meta.outputs.tags }} - # image: ${{ format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} + # image: ${{ github.actor != 'nektos/act' && steps.meta.outputs.tags || format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} to: ${{ format('{0}/{1}:{2}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version) }} organization: ${{ vars.DOCKERHUB_USER }} ignore-unchanged: true From de26e53e8f4d3a23dd7e7b2bbd97e979a1666507 Mon Sep 17 00:00:00 2001 From: mauwii Date: Fri, 15 Sep 2023 17:23:20 +0200 Subject: [PATCH 06/53] update README.md - remove DOCKER_HOST - add Docker Engine - use reference links where applicable --- README.md | 75 +++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 51 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index fceae1e..1f0bd36 100644 
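Review bot: With `push: ${{ github.actor != 'nektos/act' }}` (patch 05, `@@ -143,11 +142,12 @@`) every run on GitHub pushes, pull requests included; the previous `github.ref == 'refs/heads/main'` condition is gone. Whether a PR build ends up in a public registry now rests entirely on the `REGISTRY` and `images` expressions resolving to `localhost:5000`, so a later edit to either can start publishing unreviewed PR images without touching this line. I would state that dependency next to the input, e.g. `# PR builds push to the job-local registry only; see env.REGISTRY`, or keep the ref in the condition. Separately, `load: true` together with the multi-platform value `linux/amd64,linux/arm64` from the matrix is something the docker exporter may reject, so the act path deserves a test run.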
--- a/README.md +++ b/README.md 
@@ -1,16 +1,16 @@ # 🐳 Docker images for [nektos/act](https://github.com/nektos/act) -[![Docker Pulls](https://badgen.net/docker/pulls/mauwii/ubuntu-act?icon=docker&label=pulls)](https://hub.docker.com/r/mauwii/ubuntu-act/) -[![Docker Image Size](https://badgen.net/docker/size/mauwii/ubuntu-act?icon=docker&label=image%20size)](https://hub.docker.com/r/mauwii/ubuntu-act/) -[![Docker Stars](https://badgen.net/docker/stars/mauwii/ubuntu-act?icon=docker&label=stars)](https://hub.docker.com/r/mauwii/ubuntu-act/) -[![Github stars](https://badgen.net/github/stars/mauwii/act-docker-images?icon=github&label=stars)](https://github.com/mauwii/act-docker-images) -[![Github forks](https://badgen.net/github/forks/mauwii/act-docker-images?icon=github&label=forks)](https://github.com/mauwii/act-docker-images/fork) -[![Github issues](https://badgen.net/github/issues/mauwii/act-docker-images/?icon=github&label=issues)](https://github.com/mauwii/act-docker-images/issues) -[![Github last-commit](https://badgen.net/github/last-commit/mauwii/act-docker-images/?color=blue&icon=github&label=last-commit)](https://github.com/mauwii/act-docker-images/commits/) - -[![ci](https://github.com/mauwii/act-docker-images/actions/workflows/ci.yml/badge.svg?branch=main&event=push)](https://github.com/mauwii/act-docker-images/actions/workflows/ci.yml) -[![Docker-Hub description](https://github.com/mauwii/act-docker-images/actions/workflows/dockerhub-description.yml/badge.svg?branch=main)](https://github.com/mauwii/act-docker-images/actions/workflows/dockerhub-description.yml) -[![MegaLinter](https://github.com/mauwii/act-docker-images/workflows/MegaLinter/badge.svg?branch=main)](https://github.com/mauwii/act-docker-images/actions?query=workflow%3AMegaLinter+branch%3Amain) +[![Docker Pulls](https://badgen.net/docker/pulls/mauwii/ubuntu-act?icon=docker&label=pulls)][dockerHub] +[![Docker Image Size](https://badgen.net/docker/size/mauwii/ubuntu-act?icon=docker&label=image%20size)][dockerHub] +[![Docker 
Stars](https://badgen.net/docker/stars/mauwii/ubuntu-act?icon=docker&label=stars)][dockerHub] +[![Github stars](https://badgen.net/github/stars/mauwii/act-docker-images?icon=github&label=stars)][githubRepo] +[![Github forks](https://badgen.net/github/forks/mauwii/act-docker-images?icon=github&label=forks)][githubFork] +[![Github issues](https://badgen.net/github/issues/mauwii/act-docker-images/?icon=github&label=issues)][githubIssues] +[![Github last-commit](https://badgen.net/github/last-commit/mauwii/act-docker-images/?color=blue&icon=github&label=last-commit)][githubCommits] + +[![ci](https://github.com/mauwii/act-docker-images/actions/workflows/ci.yml/badge.svg?branch=main&event=push)][workflowCi] +[![Docker-Hub description](https://github.com/mauwii/act-docker-images/actions/workflows/dockerhub-description.yml/badge.svg?branch=main)][workflowDhDesc] +[![MegaLinter](https://github.com/mauwii/act-docker-images/workflows/MegaLinter/badge.svg?branch=main&event=push)][workflowMegaLinter] ## ⚠️ Heavily under construction... ⚠️ @@ -18,16 +18,15 @@ ## What -The docker images in this repository can be used with [nektos/act](https://github.com/nektos/act), -which is a very handy tool to run your github workflows locally. +The docker images in this repository can be used with [nektos/act][nektosActRepo], which is a very +handy tool to run your github workflows locally. If you don't know it yet, I highly recommend to check it out 🤓 ## Why In the other Images I had problems with executing azure related tools, so I decided to create my own -image which is heavily inspired by the images of -[catthehacker](https://github.com/catthehacker/docker_images) +image which is heavily inspired by the images of [catthehacker][catthehackerImages] ## How to use 
@@ -42,8 +41,8 @@ The easiest way is to add those lines in your `~/.actrc`: -P ubuntu-20.04=mauwii/ubuntu-act:20.04 ``` -For further Informations about nektos/arc and how to use it, checkout the -[nektos documentation📖](https://nektosact.com/beginner/index.html) +For further Informations about nektos/arc and how to use it, checkout the [nektos +documentation📖][nektosDocs] ## How I run act on my M2-Max 💻 @@ -59,13 +58,6 @@ For further Informations about nektos/arc and how to use it, checkout the alias act='gh act -s GITHUB_TOKEN="$(gh auth token)"' ``` -- export DOCKER_HOST env - - ```bash - DOCKER_HOST=$(docker context inspect --format '{{.Endpoints.docker.Host}}') - export DOCKER_HOST - ``` - - Docker-Desktop settings: - Advanced: @@ -76,6 +68,23 @@ For further Informations about nektos/arc and how to use it, checkout the ✔️ All Beta Features enabled (containerd, wasm, rosetta and builds view) + - Docker Engine (`~/.docker/daemon.json`): + + ```json + { + "builder": { + "gc": { + "defaultKeepStorage": "20GB", + "enabled": true + } + }, + "experimental": true, + "features": { + "buildkit": true + } + } + ``` + - `~/.actrc`: ```text 
@@ -95,3 +104,21 @@ npx mega-linter-runner \ -e GITHUB_TOKEN="$(gh auth token)" \ --remove-container ``` + +[dockerHub]: https://hub.docker.com/r/mauwii/ubuntu-act/ "DockerHub" +[githubRepo]: https://github.com/mauwii/act-docker-images/ "GitHub repository" +[githubFork]: https://github.com/mauwii/act-docker-images/fork/ "GitHub forks" +[githubIssues]: https://github.com/mauwii/act-docker-images/issues/ "GitHub issues" +[githubCommits]: https://github.com/mauwii/act-docker-images/commits/ "GitHub commits" +[workflowCi]: https://github.com/mauwii/act-docker-images/actions/workflows/ci.yml "ci workflow" +[workflowDhDesc]: + https://github.com/mauwii/act-docker-images/actions/workflows/dockerhub-description.yml + "DockerHub Description Workflow" +[workflowMegaLinter]: + https://github.com/mauwii/act-docker-images/actions?query=workflow%3AMegaLinter+branch%3Amain + "MegaLinter Workflow" +[nektosActRepo]: https://github.com/nektos/act "nektos/act git repository" +[catthehackerImages]: + https://github.com/catthehacker/docker_images + "catthehacker/docker_images repo" +[nektosDocs]: https://nektosact.com/beginner/index.html "nektos/act docs" From dc36f43bc9c19f6c06550f9a24cf9e411b5a1c27 Mon Sep 17 00:00:00 2001 From: mauwii Date: Fri, 15 Sep 2023 17:29:48 +0200 Subject: [PATCH 07/53] remove broken extension from recommends --- .vscode/extensions.json | 1 - 1 file changed, 1 deletion(-) diff --git a/.vscode/extensions.json b/.vscode/extensions.json index cad83e6..0c1c037 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -1,6 +1,5 @@ { "recommendations": [ - "AquaSecurityOfficial.trivy-vulnerability-scanner", "editorconfig.editorconfig", "esbenp.prettier-vscode", "exiasr.hadolint", From a5bdb522310b0b733ce9a63ab8a75bca81cd5984 Mon Sep 17 00:00:00 2001 From: mauwii Date: Fri, 15 Sep 2023 17:48:48 +0200 Subject: [PATCH 08/53] set-safe-directory when checking out --- .github/workflows/mega-linter.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index b9991e1..e313737 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml @@ -37,6 +37,7 @@ jobs: - name: Checkout Code uses: actions/checkout@v3 with: + set-safe-directory: true # token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }} fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances From f3efa163f8b7e02e5038c519388d6930ea72de14 Mon Sep 17 00:00:00 2001 From: mauwii Date: Fri, 15 Sep 2023 18:44:18 +0200 Subject: [PATCH 09/53] use fixed image in scout step --- .github/workflows/ci.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ed9e580..82627fd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -159,9 +159,10 @@ jobs: uses: docker/scout-action@v0.23.4 with: command: sbom,compare - image: ${{ steps.meta.outputs.tags }} + # image: ${{ steps.meta.outputs.tags }} # image: ${{ github.actor != 'nektos/act' && steps.meta.outputs.tags || format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} - to: ${{ format('{0}/{1}:{2}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version) }} + image: ${{ format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} + to: ${{ format('{0}/{1}:{2}-{3}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version, 'main') }} organization: ${{ vars.DOCKERHUB_USER }} ignore-unchanged: true only-severities: critical From dee5be7a72876dd367bc440505220a9676478b68 Mon Sep 17 00:00:00 2001 From: mauwii Date: Fri, 15 Sep 2023 19:24:55 +0200 Subject: [PATCH 10/53] good ol days when image names where image names --- .github/workflows/ci.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) 
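Review bot: `set-safe-directory: true` (patch 08, `mega-linter.yml`) is already the default of `actions/checkout`, so this line documents intent but should not change behaviour. If the commit is meant to fix a git "dubious ownership" error inside the linter container, that probably has to be handled where git runs rather than in the checkout step. A short comment saying why the input is spelled out would help the next reader.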
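Review bot: The new `image:` value in patch 09 (`@@ -159,9 +159,10 @@`) is assembled by hand from `env.IMAGE_REPOSITORY` with no registry host and with `github.head_ref || github.ref_name` as part of the tag. Without a host the reference is resolved against Docker Hub (or the local image store), not the `localhost:5000` registry that PR builds push to, so Scout may analyse a different image from the one just built, or none at all. Branch names also allow characters such as `/` that are not valid in a tag, so the hand-built reference can be invalid or differ from the tag the metadata step produced. Reusing the build's own output (a single tag, or the digest reported by the build step) keeps the scan tied to the built artifact. The same construction returns as the act-only fallback in patch 11.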
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 82627fd..3f91346 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -98,7 +98,8 @@ jobs: uses: docker/metadata-action@v4.6.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} - images: ${{ github.actor != 'nektos/act' && format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) || env.IMAGE_REPOSITORY }} + # images: ${{ github.actor != 'nektos/act' && format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) || env.IMAGE_REPOSITORY }} + images: ${{ env.IMAGE_NAME }} tags: | type=sha,prefix=${{ matrix.from-version }}-,format=short,enable={{is_default_branch}},priority=1000 type=raw,value=${{ matrix.from-version }},enable={{is_default_branch}},priority=900 @@ -152,6 +153,10 @@ jobs: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }} + - run: docker image inspect "${IMAGE_NAME}" + env: + IMAGE_NAME: ${{ format('{0}:{1}-{2}', env.IMAGE_NAME, matrix.from-version, github.head_ref || github.ref_name) }} + # vulnerability scanning to verify PRs - name: Docker Scout id: docker-scout @@ -159,9 +164,9 @@ jobs: uses: docker/scout-action@v0.23.4 with: command: sbom,compare - # image: ${{ steps.meta.outputs.tags }} + image: ${{ steps.meta.outputs.tags }} # image: ${{ github.actor != 'nektos/act' && steps.meta.outputs.tags || format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} - image: ${{ format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} + # image: ${{ format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} to: ${{ format('{0}/{1}:{2}-{3}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version, 'main') }} organization: ${{ vars.DOCKERHUB_USER }} ignore-unchanged: true 
From eb50ba4c3d8e1b0e12bb3e3779136805b33730e8 Mon Sep 17 00:00:00 2001 From: mauwii Date: Fri, 15 Sep 2023 22:05:22 +0200 Subject: [PATCH 11/53] more image names --- .github/workflows/ci.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3f91346..ff52950 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -99,7 +99,10 @@ jobs: with: github-token: ${{ secrets.GITHUB_TOKEN }} # images: ${{ github.actor != 'nektos/act' && format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) || env.IMAGE_REPOSITORY }} - images: ${{ env.IMAGE_NAME }} + images: | + ${{ env.REGISTRY }}/${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }} + ${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }} + ${{ env.IMAGE_NAME }} tags: | type=sha,prefix=${{ matrix.from-version }}-,format=short,enable={{is_default_branch}},priority=1000 type=raw,value=${{ matrix.from-version }},enable={{is_default_branch}},priority=900 @@ -163,9 +166,9 @@ jobs: continue-on-error: true uses: docker/scout-action@v0.23.4 with: - command: sbom,compare - image: ${{ steps.meta.outputs.tags }} - # image: ${{ github.actor != 'nektos/act' && steps.meta.outputs.tags || format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} + command: ${{ github.ref == 'refs/heads/main' && 'sbom,compare' || 'compare' }} + image: ${{ github.actor != 'nektos/act' && steps.meta.outputs.tags || format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} + # image: ${{ steps.meta.outputs.tags }} # image: ${{ format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} to: ${{ format('{0}/{1}:{2}-{3}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version, 'main') }} organization: ${{ vars.DOCKERHUB_USER }} From 75cb06e4559df0d2abf53e7838f3c06df3b6ab87 Mon Sep 17 00:00:00 2001 
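Review bot: The second entry added to `images:` in patch 11 (`@@ -99,7 +99,10 @@`), `${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}`, has no registry host and therefore names a Docker Hub repository on every run, including pull requests. Combined with the `push:` condition from patch 05 (outside this hunk), a PR from a branch in the repository would be pushed to Docker Hub under a tag containing the branch name, and patch 12 removes only the third entry. Both new entries also use `vars.DOCKERHUB_USER` directly, so when the variable is unset they render with an empty namespace, whereas `env.IMAGE_REPOSITORY` already falls back to `github.repository_owner`. Using `${{ env.REGISTRY }}/${{ env.IMAGE_REPOSITORY }}` as the only entry avoids both. In the second hunk the Scout step keeps `continue-on-error: true`, so a failed or unauthenticated scan does not block the PR it is described as verifying.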
From: mauwii Date: Fri, 15 Sep 2023 22:19:17 +0200 Subject: [PATCH 12/53] remove image without registry --- .github/workflows/ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ff52950..12f6de9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -102,7 +102,6 @@ jobs: images: | ${{ env.REGISTRY }}/${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }} ${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }} - ${{ env.IMAGE_NAME }} tags: | type=sha,prefix=${{ matrix.from-version }}-,format=short,enable={{is_default_branch}},priority=1000 type=raw,value=${{ matrix.from-version }},enable={{is_default_branch}},priority=900 From a7be94e9a69215ac7313e3d60c77301f70179b45 Mon Sep 17 00:00:00 2001 From: mauwii Date: Fri, 15 Sep 2023 22:28:13 +0200 Subject: [PATCH 13/53] remove debug step --- .github/workflows/ci.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 12f6de9..7eb528a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -155,10 +155,6 @@ jobs: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }} - - run: docker image inspect "${IMAGE_NAME}" - env: - IMAGE_NAME: ${{ format('{0}:{1}-{2}', env.IMAGE_NAME, matrix.from-version, github.head_ref || github.ref_name) }} - # vulnerability scanning to verify PRs - name: Docker Scout id: docker-scout From 5af189344a5967edfb6691d612350f0c3b4a443d Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 01:20:52 +0200 Subject: [PATCH 14/53] it works on my local --- .github/workflows/ci.yml | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7eb528a..d515d55 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -23,7 +23,6 @@ jobs: strategy: matrix: platforms: ['linux/amd64,linux/arm64'] - # platforms: ${{ github.event_name == 'pull_request' && fromJson(format('["{0}", "{1}"]', 'linux/amd64','linux/arm64')) || fromJson('["linux/amd64,linux/arm64"]') }} from-version: ['22.04', '20.04'] include: - from-version: '22.04' @@ -43,13 +42,12 @@ jobs: image: registry:2 ports: - 5000:5000 - # options: --entrypoint /bin/registry env: CACHE_FROM_REGISTRY: docker.io IMAGE_NAME: ${{ format('{0}-{1}', matrix.distro, matrix.from-flavor) }} IMAGE_REPOSITORY: ${{ format('{0}/{1}-{2}', vars.DOCKERHUB_USER || github.repository_owner, matrix.distro, matrix.from-flavor) }} SHA: ${{ github.event.pull_request.head.sha || github.event.after }} - REGISTRY: ${{ github.ref == 'refs/heads/main' && format('{0}', vars.DOCKERHUB_USER != '' && 'docker.io' || 'ghcr.io') || 'localhost:5000' }} + REGISTRY: ${{ github.ref != 'refs/heads/main' && 'localhost:5000' || (vars.DOCKERHUB_USER && 'docker.io' || 'ghcr.io') }} steps: - uses: actions/checkout@v4 
@@ -98,16 +96,13 @@ jobs: uses: docker/metadata-action@v4.6.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} - # images: ${{ github.actor != 'nektos/act' && format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) || env.IMAGE_REPOSITORY }} - images: | - ${{ env.REGISTRY }}/${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }} - ${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }} + images: ${{ github.actor == 'nektos/act' && env.IMAGE_REPOSITORY || env.REGISTRY_IMAGE }} tags: | - type=sha,prefix=${{ matrix.from-version }}-,format=short,enable={{is_default_branch}},priority=1000 - type=raw,value=${{ matrix.from-version }},enable={{is_default_branch}},priority=900 + type=sha,prefix=${{ matrix.from-version }}-,format=short,enable=${{ github.ref == 'refs/heads/main' }},priority=1000 + type=raw,value=${{ matrix.from-version }},enable=${{ github.ref == 'refs/heads/main' }},priority=900 type=raw,value=${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }},priority=600 flavor: | - latest=${{ github.ref == format('refs/heads/{0}', 'main') && matrix.from-version == '22.04' }} + latest=${{ github.ref == 'refs/heads/main' && matrix.from-version == '22.04' }} labels: | org.opencontainers.image.authors=['${{ env.REPOSITORY_LINK }}','${{ github.actor }}'] org.opencontainers.image.description=${{ github.event.repository.description }} @@ -118,6 +113,7 @@ jobs: org.opencontainers.image.url=${{ env.REPOSITORY_LINK }}/blob/${{ env.SHA }}/linux/${{ matrix.distro }}/Dockerfile org.opencontainers.image.vendor=${{ github.repository_owner }} env: + REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} REPOSITORY_LINK: https://github.com/${{ github.repository }} # Build and push Docker image with Buildx (don't push on PR) 
@@ -133,6 +129,7 @@ jobs: platforms: ${{ matrix.platforms }} labels: ${{ steps.meta.outputs.labels }} tags: ${{ steps.meta.outputs.tags }} + # tags: ${{ format('{0}:{1}-{2}', github.actor != 'nektos/act' && env.REGISTRY_IMAGE || env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} build-args: | FROM_IMAGE=buildpack-deps FROM_VERSION_MAJOR=${{ matrix.from-version-major }} @@ -161,11 +158,10 @@ jobs: continue-on-error: true uses: docker/scout-action@v0.23.4 with: - command: ${{ github.ref == 'refs/heads/main' && 'sbom,compare' || 'compare' }} - image: ${{ github.actor != 'nektos/act' && steps.meta.outputs.tags || format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} - # image: ${{ steps.meta.outputs.tags }} - # image: ${{ format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} - to: ${{ format('{0}/{1}:{2}-{3}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version, 'main') }} + command: sbom,compare + image: ${{ steps.meta.outputs.tags }} + # image: ${{ github.actor == 'nektos/act' && env.IMAGE || env.REGISTRY_IMAGE }} + to: ${{ format('{0}/{1}:{2}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version) }} organization: ${{ vars.DOCKERHUB_USER }} ignore-unchanged: true only-severities: critical @@ -175,6 +171,9 @@ jobs: github-token: ${{ secrets.GITHUB_TOKEN }} dockerhub-user: ${{ vars.DOCKERHUB_USER }} dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }} + env: + IMAGE: ${{ format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} + REGISTRY_IMAGE: ${{ format('{0}/{1}:{2}-{3}', env.REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} # ToDo: Move into a separate workflow and depend on ci and mega-linter approve-pr: From bedddb7c9ec306a529dcb8c5fe0695eb95b4cf3a Mon Sep 17 00:00:00 2001 
From: mauwii Date: Sat, 16 Sep 2023 01:32:30 +0200 Subject: [PATCH 15/53] try to pull image manually --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d515d55..6e181e1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -152,6 +152,10 @@ jobs: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }} + - name: pull image + if: github.actor == 'nektos/act' + run: docker pull ${{ env.REGISTRY }}/${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} + # vulnerability scanning to verify PRs - name: Docker Scout id: docker-scout From c61b8bb397bc1e5c2b6f6ee72423f9c6696afad0 Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 01:38:57 +0200 Subject: [PATCH 16/53] fix dependencie, add other debug step --- .github/workflows/ci.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6e181e1..b3c3def 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -152,8 +152,13 @@ jobs: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }} + - name: inspect image + continue-on-error: true + run: docker inspect ${{ steps.meta.outputs.tags }} + - name: pull image - if: github.actor == 'nektos/act' + continue-on-error: true + if: github.actor != 'nektos/act' run: docker pull ${{ env.REGISTRY }}/${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} # vulnerability scanning to verify PRs From 3e3ac36076c05c4177acd7acb43424cb7f8275c3 Mon Sep 17 00:00:00 2001 
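Review bot: The `run:` line of the new `pull image` step expands `${{ github.head_ref || github.ref_name }}` directly into the shell script, and on pull-request runs `github.head_ref` is the contributor's branch name, so shell metacharacters in a branch name would be interpreted by the runner shell. Move the whole image expression into a step-level `env:` entry, for example `IMAGE_REF`, and change the script to `run: docker pull "$IMAGE_REF"`, so the value reaches the shell as data instead of as script text. The same pattern is in `inspect image` (PATCH 16, where `steps.meta.outputs.tags` may also span several lines, and PATCH 18) and in the `build image` steps of PATCH 23 to 26; the same fix applies to each.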
From: mauwii Date: Sat, 16 Sep 2023 01:51:03 +0200 Subject: [PATCH 17/53] set credentials for registry --- .github/workflows/ci.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b3c3def..b19c1bf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -42,6 +42,9 @@ jobs: image: registry:2 ports: - 5000:5000 + credentials: + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} env: CACHE_FROM_REGISTRY: docker.io IMAGE_NAME: ${{ format('{0}-{1}', matrix.distro, matrix.from-flavor) }} @@ -178,8 +181,8 @@ jobs: keep-previous-comments: true summary: ${{ github.actor != 'nektos/act' }} github-token: ${{ secrets.GITHUB_TOKEN }} - dockerhub-user: ${{ vars.DOCKERHUB_USER }} - dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }} + registry-user: ${{ github.repository_owner}} + registry-password: ${{ secrets.GITHUB_TOKEN }} env: IMAGE: ${{ format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} REGISTRY_IMAGE: ${{ format('{0}/{1}:{2}-{3}', env.REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} From bb4a6a47f5103faf9f6872570b9bae3e78f3deb4 Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 02:46:46 +0200 Subject: [PATCH 18/53] push if main, load if not --- .github/workflows/ci.yml | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b19c1bf..d4c6b53 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
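Review bot: `services.registry.credentials` is used to authenticate the pull of the service image, not to protect the registry that the container then serves on port 5000, so with `image: registry:2` this hunk presents `secrets.GITHUB_TOKEN` to whichever registry hosts that image. The token is not a credential for that host, so the pull is likely to fail, and a repository token is sent to a third party for no benefit. Drop the `credentials:` block; if the local registry is meant to require a login, that has to be configured on the registry container itself. The second hunk's switch from `dockerhub-user`/`dockerhub-password` to `registry-user`/`registry-password` with the same token deserves the same check against what Scout actually authenticates to.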
@@ -149,21 +149,31 @@ jobs: # this will give us some useful information about the build provenance: mode=max # push if not building with act - push: ${{ github.actor != 'nektos/act' }} - load: ${{ github.actor == 'nektos/act' }} + push: ${{ github.ref == 'refs/heads/main' }} + load: ${{ github.ref != 'refs/heads/main' }} env: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }} - name: inspect image continue-on-error: true - run: docker inspect ${{ steps.meta.outputs.tags }} + run: docker inspect ${{ env.REGISTRY }}/${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} - name: pull image continue-on-error: true if: github.actor != 'nektos/act' run: docker pull ${{ env.REGISTRY }}/${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} + # - name: Run Trivy vulnerability scanner + # uses: aquasecurity/trivy-action@master + # with: + # image-ref: '${{ steps.meta.outputs.tags }}' + # format: 'table' + # exit-code: '1' + # ignore-unfixed: true + # vuln-type: 'os,library' + # severity: 'CRITICAL,HIGH' + # vulnerability scanning to verify PRs - name: Docker Scout id: docker-scout From dc8f6d3a9f772125906d93f39f4a9b3e326d398d Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 02:48:46 +0200 Subject: [PATCH 19/53] remove registry login --- .github/workflows/ci.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d4c6b53..8ad45d7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
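Review bot: The comment `# push if not building with act` above `push:` no longer describes the condition, which now depends on `github.ref`; something like `# push only from main, load into the local image store otherwise` would match the new lines. `load: true` on every other ref may not work while the matrix builds `linux/amd64,linux/arm64` in a single invocation, since loading a multi-platform result into the local daemon is not generally supported, so this is worth confirming on a PR run. If the commented-out Trivy step is enabled later, pin `aquasecurity/trivy-action` to a release tag or commit SHA instead of `@master`, so the scanner cannot change underneath the workflow.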
@@ -42,9 +42,6 @@ jobs: image: registry:2 ports: - 5000:5000 - credentials: - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} env: CACHE_FROM_REGISTRY: docker.io IMAGE_NAME: ${{ format('{0}-{1}', matrix.distro, matrix.from-flavor) }} @@ -191,8 +188,6 @@ jobs: keep-previous-comments: true summary: ${{ github.actor != 'nektos/act' }} github-token: ${{ secrets.GITHUB_TOKEN }} - registry-user: ${{ github.repository_owner}} - registry-password: ${{ secrets.GITHUB_TOKEN }} env: IMAGE: ${{ format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} REGISTRY_IMAGE: ${{ format('{0}/{1}:{2}-{3}', env.REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} From a1336d757b30987ed336c46220c7c90e1e9f410f Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 02:55:48 +0200 Subject: [PATCH 20/53] use outputs type=image --- .github/workflows/ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8ad45d7..f2d750c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -147,7 +147,8 @@ jobs: provenance: mode=max # push if not building with act push: ${{ github.ref == 'refs/heads/main' }} - load: ${{ github.ref != 'refs/heads/main' }} + # load: ${{ github.ref != 'refs/heads/main' }} + outputs: type=image,name=${{ steps.meta.outputs.tags }} env: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }} From cee4c864891111960630e9e04ad0e3721174194a Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 02:58:33 +0200 Subject: [PATCH 21/53] back to always push but not nektos --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f2d750c..57cd385 100644 
--- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -146,7 +146,7 @@ jobs: # this will give us some useful information about the build provenance: mode=max # push if not building with act - push: ${{ github.ref == 'refs/heads/main' }} + push: ${{ github.actor != 'nektos/act' }} # load: ${{ github.ref != 'refs/heads/main' }} outputs: type=image,name=${{ steps.meta.outputs.tags }} env: From c5490891fb6eeb61a8c8afdc031b8dfe16d800ca Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 03:33:53 +0200 Subject: [PATCH 22/53] single arch if not default branch --- .cspell.json | 34 +++++++++++++++++++--------------- .github/workflows/ci.yml | 8 ++++---- 2 files changed, 23 insertions(+), 19 deletions(-) diff --git a/.cspell.json b/.cspell.json index fa7ed14..6d5d6f1 100644 --- a/.cspell.json +++ b/.cspell.json @@ -9,21 +9,12 @@ ], "language": "en,en-GB", "words": [ - "ASPNET", - "BASEPATH", - "CODEOWNERS", - "MARKDOWNLINT", - "NOLOGO", - "ONBUILD", - "OPTOUT", - "Sfrg", - "TOOLSDIRECTORY", - "WORKDIR", - "XMLDOC", - "Zrmnxj", "actrc", "aliyun", + "aquasecurity", + "ASPNET", "automake", + "BASEPATH", "binutils", "brotli", "buildkit", @@ -31,6 +22,7 @@ "buildx", "catthehacker", "cmdline", + "CODEOWNERS", "commandlinetools", "containerd", "coreutils", @@ -74,6 +66,7 @@ "libxkbfile", "libxss", "libyaml", + "MARKDOWNLINT", "mauwii", "mediainfo", "mediatypes", @@ -82,11 +75,14 @@ "nbgv", "nektos", "netcat", + "NOLOGO", "noninteractive", "noto", "nupkg", "oldci", + "ONBUILD", "opencontainers", + "OPTOUT", "patchelf", "pigz", "pipefail", @@ -95,6 +91,7 @@ "pwsh", "quickview", "rubygems", + "Sfrg", "shellcheck", "singlearch", "sphinxsearch", 
@@ -102,16 +99,23 @@ "stefanzweifel", "targetproc", "texinfo", - "trivy", - "trivyignore", "toolcache", + "TOOLSDIRECTORY", "toolsets", + "trivy", + "trivyignore", "tzdata", "vercel", + "vuln", + "WORKDIR", + "XMLDOC", "xorriso", "xvfb", + "Zrmnxj", "zstd", "zsync" ], - "enableFiletypes": ["github-actions-workflow"] + "enableFiletypes": [ + "github-actions-workflow" + ] } diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 57cd385..1cb7ce3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - platforms: ['linux/amd64,linux/arm64'] + platforms: ${{ github.ref != 'refs/heads/main' && fromJson(format('["{0}", "{1}"]', 'linux/amd64','linux/arm64')) || fromJson('["linux/amd64,linux/arm64"]') }} from-version: ['22.04', '20.04'] include: - from-version: '22.04' @@ -146,9 +146,9 @@ jobs: # this will give us some useful information about the build provenance: mode=max # push if not building with act - push: ${{ github.actor != 'nektos/act' }} - # load: ${{ github.ref != 'refs/heads/main' }} - outputs: type=image,name=${{ steps.meta.outputs.tags }} + push: ${{ github.ref == 'refs/heads/main' }} + load: ${{ github.ref != 'refs/heads/main' }} + # outputs: type=image,name=${{ steps.meta.outputs.tags }} env: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }} From d917751b5c99dcb067c9c925435812efbb9bdadc Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 03:40:29 +0200 Subject: [PATCH 23/53] manual build --- .github/workflows/ci.yml | 75 +++++++++++++++++++++------------------- 1 file changed, 39 insertions(+), 36 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1cb7ce3..06fd212 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -116,42 +116,45 @@ jobs: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} REPOSITORY_LINK: https://github.com/${{ github.repository }} - # Build and push Docker image with Buildx (don't push on PR) - # https://github.com/docker/build-push-action - - name: Build and push - id: build - uses: docker/build-push-action@v4 - with: - context: . - # github-token for the repository context - github-token: ${{ secrets.GITHUB_TOKEN }} - file: ./linux/${{ matrix.distro }}/Dockerfile - platforms: ${{ matrix.platforms }} - labels: ${{ steps.meta.outputs.labels }} - tags: ${{ steps.meta.outputs.tags }} - # tags: ${{ format('{0}:{1}-{2}', github.actor != 'nektos/act' && env.REGISTRY_IMAGE || env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} - build-args: | - FROM_IMAGE=buildpack-deps - FROM_VERSION_MAJOR=${{ matrix.from-version-major }} - FROM_VERSION_MINOR=${{ matrix.from-version-minor }} - FROM_FLAVOR=${{ matrix.from-flavor }} - DISTRO=${{ matrix.distro }} - CODENAME=${{ matrix.codename }} - # caching to speed up the build - cache-from: | - ${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.from-version) }} - ${{ format('type=registry,ref={0}:cache-{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.codename) }} - # don't export cache on PR - cache-to: ${{ github.ref == 'refs/heads/main' && format('type=registry,ref={0}:cache-{1},mode=max', env.REGISTRY_IMAGE, matrix.codename) || '' }} - # this will give us some useful information about the build - provenance: mode=max - # push if not building with act - push: ${{ github.ref == 'refs/heads/main' }} - load: ${{ github.ref != 'refs/heads/main' }} - # outputs: type=image,name=${{ steps.meta.outputs.tags }} - env: - REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} - CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }} + - name: build image + run: docker build -t ${{ env.REGISTRY 
}}/${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} -f linux/${{ matrix.distro }}/Dockerfile . + + # # Build and push Docker image with Buildx (don't push on PR) + # # https://github.com/docker/build-push-action + # - name: Build and push + # id: build + # uses: docker/build-push-action@v4 + # with: + # context: . + # # github-token for the repository context + # github-token: ${{ secrets.GITHUB_TOKEN }} + # file: ./linux/${{ matrix.distro }}/Dockerfile + # platforms: ${{ matrix.platforms }} + # labels: ${{ steps.meta.outputs.labels }} + # tags: ${{ steps.meta.outputs.tags }} + # # tags: ${{ format('{0}:{1}-{2}', github.actor != 'nektos/act' && env.REGISTRY_IMAGE || env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} + # build-args: | + # FROM_IMAGE=buildpack-deps + # FROM_VERSION_MAJOR=${{ matrix.from-version-major }} + # FROM_VERSION_MINOR=${{ matrix.from-version-minor }} + # FROM_FLAVOR=${{ matrix.from-flavor }} + # DISTRO=${{ matrix.distro }} + # CODENAME=${{ matrix.codename }} + # # caching to speed up the build + # cache-from: | + # ${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.from-version) }} + # ${{ format('type=registry,ref={0}:cache-{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.codename) }} + # # don't export cache on PR + # cache-to: ${{ github.ref == 'refs/heads/main' && format('type=registry,ref={0}:cache-{1},mode=max', env.REGISTRY_IMAGE, matrix.codename) || '' }} + # # this will give us some useful information about the build + # provenance: mode=max + # # push if not building with act + # push: ${{ github.ref == 'refs/heads/main' }} + # load: ${{ github.ref != 'refs/heads/main' }} + # # outputs: type=image,name=${{ steps.meta.outputs.tags }} + # env: + # REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} + # CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, 
env.IMAGE_REPOSITORY) }} - name: inspect image continue-on-error: true From 477df7317699ed04db9837a866c549c18025bb58 Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 03:48:46 +0200 Subject: [PATCH 24/53] add --load --- .github/workflows/ci.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 06fd212..a4a1bb7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -117,7 +117,12 @@ jobs: REPOSITORY_LINK: https://github.com/${{ github.repository }} - name: build image - run: docker build -t ${{ env.REGISTRY }}/${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} -f linux/${{ matrix.distro }}/Dockerfile . + run: >- + docker build + -t ${{ env.REGISTRY }}/${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} + -f linux/${{ matrix.distro }}/Dockerfile + --load + . # # Build and push Docker image with Buildx (don't push on PR) # # https://github.com/docker/build-push-action From 8e1c366403f2a537c15798aa3241fbd1ff39fa51 Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 04:06:38 +0200 Subject: [PATCH 25/53] try multiarch with manual build command --- .github/workflows/ci.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a4a1bb7..ddfe0d1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -22,7 +22,8 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - platforms: ${{ github.ref != 'refs/heads/main' && fromJson(format('["{0}", "{1}"]', 'linux/amd64','linux/arm64')) || fromJson('["linux/amd64,linux/arm64"]') }} + platforms: ['linux/amd64,linux/arm64'] + # platforms: ${{ github.ref != 'refs/heads/main' && fromJson(format('["{0}", "{1}"]', 'linux/amd64','linux/arm64')) || fromJson('["linux/amd64,linux/arm64"]') }} from-version: ['22.04', '20.04'] include: - from-version: '22.04' @@ -122,7 +123,12 @@ jobs: -t ${{ env.REGISTRY }}/${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} -f linux/${{ matrix.distro }}/Dockerfile --load + --cache-from ${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.from-version) }} + --cache-from ${{ format('type=registry,ref={0}:cache-{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.codename) }} . + env: + REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} + CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }} # # Build and push Docker image with Buildx (don't push on PR) # # https://github.com/docker/build-push-action From 7bebb809ac6d7c95d6f44d77d068ba90a30c73cc Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 04:38:40 +0200 Subject: [PATCH 26/53] add more parameters to build command --- .cspell.json | 4 +--- .github/workflows/ci.yml | 35 +++++++++++++++++++++-------------- .mega-linter.yml | 2 +- 3 files changed, 23 insertions(+), 18 deletions(-) diff --git a/.cspell.json b/.cspell.json index 6d5d6f1..56a831a 100644 --- a/.cspell.json +++ b/.cspell.json @@ -115,7 +115,5 @@ "zstd", "zsync" ], - "enableFiletypes": [ - "github-actions-workflow" - ] + "enableFiletypes": ["github-actions-workflow"] } diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ddfe0d1..f130a74 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -117,19 +117,6 @@ jobs: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} REPOSITORY_LINK: https://github.com/${{ github.repository }} - - name: build image - run: >- - docker build - -t ${{ env.REGISTRY }}/${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} - -f linux/${{ matrix.distro }}/Dockerfile - --load - --cache-from ${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.from-version) }} - --cache-from ${{ format('type=registry,ref={0}:cache-{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.codename) }} - . - env: - REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} - CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }} - # # Build and push Docker image with Buildx (don't push on PR) # # https://github.com/docker/build-push-action # - name: Build and push 
@@ -167,6 +154,26 @@ jobs: # REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} # CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }} + - name: build image + run: >- + docker buildx build + --tag ${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} + --file linux/${{ matrix.distro }}/Dockerfile + --load + --cache-from ${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.from-version) }} + --cache-from ${{ format('type=registry,ref={0}:cache-{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.codename) }} + --build-arg FROM_IMAGE=buildpack-deps + --build-arg FROM_VERSION_MAJOR=${{ matrix.from-version-major }} + --build-arg FROM_VERSION_MINOR=${{ matrix.from-version-minor }} + --build-arg FROM_FLAVOR=${{ matrix.from-flavor }} + --build-arg DISTRO=${{ matrix.distro }} + --build-arg CODENAME=${{ matrix.codename }} + --attest type=sbom + . + env: + REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} + CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }} + - name: inspect image continue-on-error: true run: docker inspect ${{ env.REGISTRY }}/${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} @@ -193,7 +200,7 @@ jobs: uses: docker/scout-action@v0.23.4 with: command: sbom,compare - image: ${{ steps.meta.outputs.tags }} + image: ${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} # image: ${{ github.actor == 'nektos/act' && env.IMAGE || env.REGISTRY_IMAGE }} to: ${{ format('{0}/{1}:{2}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version) }} organization: ${{ vars.DOCKERHUB_USER }} diff --git a/.mega-linter.yml b/.mega-linter.yml index 6ae7e39..85e8493 100644 --- a/.mega-linter.yml +++ b/.mega-linter.yml 
@@ -10,7 +10,7 @@ APPLY_FIXES: all # all, none, or list of linter keys SHOW_ELAPSED_TIME: true FILEIO_REPORTER: false # DISABLE_ERRORS: true # Uncomment if you want MegaLinter to detect errors but not block CI to pass -FILTER_REGEX_EXCLUDE: '(megalinter-reports/)' +# FILTER_REGEX_EXCLUDE: '(\.*/megalinter-reports/\.*)' YAML_V8R_FILTER_REGEX_EXCLUDE: '(\.prettierrc\.yaml)' VALIDATE_ALL_CODEBASE: true SPELL_LYCHEE_FILTER_REGEX_EXCLUDE: '(.github/workflows|\.mega-linter\.yml)' From 4bf238de6467fbf84f0161618ff0a6bd5d68e85a Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 04:41:07 +0200 Subject: [PATCH 27/53] use docker build --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f130a74..7e5c3a7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -156,7 +156,7 @@ jobs: - name: build image run: >- - docker buildx build + docker build --tag ${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} --file linux/${{ matrix.distro }}/Dockerfile --load From c46021b9d34ee3490df927ad4297d5726aa2b649 Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 04:43:42 +0200 Subject: [PATCH 28/53] remove sbom attestation --- .github/workflows/ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7e5c3a7..b6c1b78 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -168,7 +168,6 @@ jobs: --build-arg FROM_FLAVOR=${{ matrix.from-flavor }} --build-arg DISTRO=${{ matrix.distro }} --build-arg CODENAME=${{ matrix.codename }} - --attest type=sbom . env: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} From 75a422124e401b1260a9699a8c29928b392f42fe Mon Sep 17 00:00:00 2001 
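Review bot: The replacement for `FILTER_REGEX_EXCLUDE` in `.mega-linter.yml` is left commented out, so as far as this file shows nothing excludes `megalinter-reports/` any more while `VALIDATE_ALL_CODEBASE: true` and `APPLY_FIXES: all` stay set. The commented pattern `(\.*/megalinter-reports/\.*)` also escapes the dots, so `\.*` matches only a run of literal `.` characters, not an arbitrary path prefix. If the goal is to exclude the directory at any depth, keep the previous `'(megalinter-reports/)'`, which already matches anywhere in the path, and add a short comment saying why the reports folder is excluded.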
From: mauwii Date: Sat, 16 Sep 2023 04:54:24 +0200 Subject: [PATCH 29/53] retry with build-push-action --- .github/workflows/ci.yml | 108 +++++++++++++++++++-------------------- 1 file changed, 54 insertions(+), 54 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b6c1b78..ea643ba 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -117,70 +117,70 @@ jobs: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} REPOSITORY_LINK: https://github.com/${{ github.repository }} - # # Build and push Docker image with Buildx (don't push on PR) - # # https://github.com/docker/build-push-action - # - name: Build and push - # id: build - # uses: docker/build-push-action@v4 - # with: - # context: . - # # github-token for the repository context - # github-token: ${{ secrets.GITHUB_TOKEN }} - # file: ./linux/${{ matrix.distro }}/Dockerfile - # platforms: ${{ matrix.platforms }} - # labels: ${{ steps.meta.outputs.labels }} - # tags: ${{ steps.meta.outputs.tags }} - # # tags: ${{ format('{0}:{1}-{2}', github.actor != 'nektos/act' && env.REGISTRY_IMAGE || env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} - # build-args: | - # FROM_IMAGE=buildpack-deps - # FROM_VERSION_MAJOR=${{ matrix.from-version-major }} - # FROM_VERSION_MINOR=${{ matrix.from-version-minor }} - # FROM_FLAVOR=${{ matrix.from-flavor }} - # DISTRO=${{ matrix.distro }} - # CODENAME=${{ matrix.codename }} - # # caching to speed up the build - # cache-from: | - # ${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.from-version) }} - # ${{ format('type=registry,ref={0}:cache-{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.codename) }} - # # don't export cache on PR - # cache-to: ${{ github.ref == 'refs/heads/main' && format('type=registry,ref={0}:cache-{1},mode=max', env.REGISTRY_IMAGE, matrix.codename) || '' }} - # # this will give us some useful information about the build - # provenance: mode=max - # # push if not building with act - # push: ${{ github.ref == 'refs/heads/main' }} - # load: ${{ github.ref != 'refs/heads/main' }} - # # outputs: type=image,name=${{ steps.meta.outputs.tags }} - # env: - # REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} - # CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, 
env.IMAGE_REPOSITORY) }} - - - name: build image - run: >- - docker build - --tag ${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} - --file linux/${{ matrix.distro }}/Dockerfile - --load - --cache-from ${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.from-version) }} - --cache-from ${{ format('type=registry,ref={0}:cache-{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.codename) }} - --build-arg FROM_IMAGE=buildpack-deps - --build-arg FROM_VERSION_MAJOR=${{ matrix.from-version-major }} - --build-arg FROM_VERSION_MINOR=${{ matrix.from-version-minor }} - --build-arg FROM_FLAVOR=${{ matrix.from-flavor }} - --build-arg DISTRO=${{ matrix.distro }} - --build-arg CODENAME=${{ matrix.codename }} - . + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action + - name: Build and push + id: build + uses: docker/build-push-action@v4 + with: + context: . + # github-token for the repository context + github-token: ${{ secrets.GITHUB_TOKEN }} + file: ./linux/${{ matrix.distro }}/Dockerfile + platforms: ${{ matrix.platforms }} + labels: ${{ steps.meta.outputs.labels }} + tags: ${{ steps.meta.outputs.tags }} + # tags: ${{ format('{0}:{1}-{2}', github.actor != 'nektos/act' && env.REGISTRY_IMAGE || env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} + build-args: | + FROM_IMAGE=buildpack-deps + FROM_VERSION_MAJOR=${{ matrix.from-version-major }} + FROM_VERSION_MINOR=${{ matrix.from-version-minor }} + FROM_FLAVOR=${{ matrix.from-flavor }} + DISTRO=${{ matrix.distro }} + CODENAME=${{ matrix.codename }} + # caching to speed up the build + cache-from: | + ${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.from-version) }} + ${{ format('type=registry,ref={0}:cache-{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.codename) }} + # don't export cache on PR + cache-to: ${{ github.ref == 
'refs/heads/main' && format('type=registry,ref={0}:cache-{1},mode=max', env.REGISTRY_IMAGE, matrix.codename) || '' }} + # this will give us some useful information about the build + # provenance: mode=max + # push if not building with act + push: ${{ github.ref == 'refs/heads/main' }} + load: ${{ github.ref != 'refs/heads/main' }} + # outputs: type=image,name=${{ steps.meta.outputs.tags }} env: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }} + # - name: build image + # run: >- + # docker build + # --tag ${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} + # --file linux/${{ matrix.distro }}/Dockerfile + # --load + # --cache-from ${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.from-version) }} + # --cache-from ${{ format('type=registry,ref={0}:cache-{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.codename) }} + # --build-arg FROM_IMAGE=buildpack-deps + # --build-arg FROM_VERSION_MAJOR=${{ matrix.from-version-major }} + # --build-arg FROM_VERSION_MINOR=${{ matrix.from-version-minor }} + # --build-arg FROM_FLAVOR=${{ matrix.from-flavor }} + # --build-arg DISTRO=${{ matrix.distro }} + # --build-arg CODENAME=${{ matrix.codename }} + # . 
+ # env: + # REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} + # CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }} + - name: inspect image continue-on-error: true - run: docker inspect ${{ env.REGISTRY }}/${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} + run: docker inspect ${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} - name: pull image continue-on-error: true if: github.actor != 'nektos/act' - run: docker pull ${{ env.REGISTRY }}/${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} + run: docker pull ${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} # - name: Run Trivy vulnerability scanner # uses: aquasecurity/trivy-action@master From adda10df4002cdce6ebfe76943b4000b756795ae Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 05:00:03 +0200 Subject: [PATCH 30/53] disable labels --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ea643ba..c5c6a82 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -128,7 +128,7 @@ jobs: github-token: ${{ secrets.GITHUB_TOKEN }} file: ./linux/${{ matrix.distro }}/Dockerfile platforms: ${{ matrix.platforms }} - labels: ${{ steps.meta.outputs.labels }} + # labels: ${{ steps.meta.outputs.labels }} tags: ${{ steps.meta.outputs.tags }} # tags: ${{ format('{0}:{1}-{2}', github.actor != 'nektos/act' && env.REGISTRY_IMAGE || env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} build-args: | From 6ec04611f7c80b58138fa9efbe52b1c9a90e5277 Mon Sep 17 00:00:00 2001 
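Review bot: The re-enabled `Build and push` step (PATCH 29/53, hunk `@@ -117,70 +117,70 @@`) references `docker/build-push-action@v4`, a moving major tag, although the step receives `secrets.GITHUB_TOKEN` and pushes on main. Other actions in this workflow are at least pinned to an exact release (`docker/setup-buildx-action@v2.10.0`); pin this one to a full commit SHA with the version as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha> # v4.x.y` (placeholder, not a real hash). The step also turns `provenance: mode=max` into a comment right after the previous commit removed `--attest type=sbom`, so pushed images fall back to whatever the action does by default; if that is deliberate, a short comment explaining why would help. The comment `# push if not building with act` no longer describes `push: ${{ github.ref == 'refs/heads/main' }}`.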
From: mauwii
Date: Sat, 16 Sep 2023 05:03:23 +0200
Subject: [PATCH 31/53] stick with manual build step
---
.github/workflows/ci.yml | 82 ++++++++--------------------------------
1 file changed, 15 insertions(+), 67 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c5c6a82..583a6b4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -117,81 +117,29 @@ jobs: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} REPOSITORY_LINK: https://github.com/${{ github.repository }} - # Build and push Docker image with Buildx (don't push on PR) - # https://github.com/docker/build-push-action - - name: Build and push - id: build - uses: docker/build-push-action@v4 - with: - context: . - # github-token for the repository context - github-token: ${{ secrets.GITHUB_TOKEN }} - file: ./linux/${{ matrix.distro }}/Dockerfile - platforms: ${{ matrix.platforms }} - # labels: ${{ steps.meta.outputs.labels }} - tags: ${{ steps.meta.outputs.tags }} - # tags: ${{ format('{0}:{1}-{2}', github.actor != 'nektos/act' && env.REGISTRY_IMAGE || env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} - build-args: | - FROM_IMAGE=buildpack-deps - FROM_VERSION_MAJOR=${{ matrix.from-version-major }} - FROM_VERSION_MINOR=${{ matrix.from-version-minor }} - FROM_FLAVOR=${{ matrix.from-flavor }} - DISTRO=${{ matrix.distro }} - CODENAME=${{ matrix.codename }} - # caching to speed up the build - cache-from: | - ${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.from-version) }} - ${{ format('type=registry,ref={0}:cache-{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.codename) }} - # don't export cache on PR - cache-to: ${{ github.ref == 'refs/heads/main' && format('type=registry,ref={0}:cache-{1},mode=max', env.REGISTRY_IMAGE, matrix.codename) || '' }} - # this will give us some useful information about the build - # provenance: mode=max - # push if not building with act - push: ${{ github.ref == 'refs/heads/main' }} - load: ${{ github.ref != 'refs/heads/main' }} - # outputs: type=image,name=${{ steps.meta.outputs.tags }} + - name: build image + run: >- + docker build + --tag ${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} + --file linux/${{ matrix.distro }}/Dockerfile + --load + --cache-from 
${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.from-version) }} + --cache-from ${{ format('type=registry,ref={0}:cache-{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.codename) }} + --build-arg FROM_IMAGE=buildpack-deps + --build-arg FROM_VERSION_MAJOR=${{ matrix.from-version-major }} + --build-arg FROM_VERSION_MINOR=${{ matrix.from-version-minor }} + --build-arg FROM_FLAVOR=${{ matrix.from-flavor }} + --build-arg DISTRO=${{ matrix.distro }} + --build-arg CODENAME=${{ matrix.codename }} + . env: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }} - # - name: build image - # run: >- - # docker build - # --tag ${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} - # --file linux/${{ matrix.distro }}/Dockerfile - # --load - # --cache-from ${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.from-version) }} - # --cache-from ${{ format('type=registry,ref={0}:cache-{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.codename) }} - # --build-arg FROM_IMAGE=buildpack-deps - # --build-arg FROM_VERSION_MAJOR=${{ matrix.from-version-major }} - # --build-arg FROM_VERSION_MINOR=${{ matrix.from-version-minor }} - # --build-arg FROM_FLAVOR=${{ matrix.from-flavor }} - # --build-arg DISTRO=${{ matrix.distro }} - # --build-arg CODENAME=${{ matrix.codename }} - # . 
- # env: - # REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} - # CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }} - - name: inspect image continue-on-error: true run: docker inspect ${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} - - name: pull image - continue-on-error: true - if: github.actor != 'nektos/act' - run: docker pull ${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} - - # - name: Run Trivy vulnerability scanner - # uses: aquasecurity/trivy-action@master - # with: - # image-ref: '${{ steps.meta.outputs.tags }}' - # format: 'table' - # exit-code: '1' - # ignore-unfixed: true - # vuln-type: 'os,library' - # severity: 'CRITICAL,HIGH' - # vulnerability scanning to verify PRs - name: Docker Scout id: docker-scout From 68a7e3ef4b827647777706559590c0ee0e07ed1d Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 05:17:26 +0200 Subject: [PATCH 32/53] push main, load others --- .github/workflows/ci.yml | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 583a6b4..a06e07c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
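Review bot: The restored `build image` step (PATCH 31/53) expands `${{ github.head_ref || github.ref_name }}` directly inside `run:`, and the `inspect image` step below it does the same, so the branch name becomes part of the script text before the shell parses it; on pull requests that name is chosen by the contributor. Pass it through the step environment instead, with `HEAD_REF: ${{ github.head_ref || github.ref_name }}` under `env:` and `--tag "${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${HEAD_REF}"` in the command. The later commits in this series that move the value into `env.IMAGE_TAG` and `env.FROM_TAG` still insert it with `${{ env.… }}`, which is expanded the same way, so those steps should use `"$IMAGE_TAG"` / `"$FROM_TAG"` as well. A branch name containing `/` is also not a valid image tag, so the ref should be sanitised before it is used as one.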
@@ -38,17 +38,12 @@ jobs: distro: 'ubuntu' codename: 'focal' from-flavor: 'act' - services: - registry: - image: registry:2 - ports: - - 5000:5000 env: CACHE_FROM_REGISTRY: docker.io IMAGE_NAME: ${{ format('{0}-{1}', matrix.distro, matrix.from-flavor) }} IMAGE_REPOSITORY: ${{ format('{0}/{1}-{2}', vars.DOCKERHUB_USER || github.repository_owner, matrix.distro, matrix.from-flavor) }} SHA: ${{ github.event.pull_request.head.sha || github.event.after }} - REGISTRY: ${{ github.ref != 'refs/heads/main' && 'localhost:5000' || (vars.DOCKERHUB_USER && 'docker.io' || 'ghcr.io') }} + REGISTRY: ${{ vars.DOCKERHUB_USER && 'docker.io' || 'ghcr.io' }} steps: - uses: actions/checkout@v4 @@ -120,9 +115,9 @@ jobs: - name: build image run: >- docker build - --tag ${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} + --tag ${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} --file linux/${{ matrix.distro }}/Dockerfile - --load + ${{ github.ref == 'refs/heads/main' && '--push' || '--load' }} --cache-from ${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.from-version) }} --cache-from ${{ format('type=registry,ref={0}:cache-{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.codename) }} --build-arg FROM_IMAGE=buildpack-deps @@ -138,7 +133,7 @@ jobs: - name: inspect image continue-on-error: true - run: docker inspect ${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} + run: docker inspect ${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} # vulnerability scanning to verify PRs - name: Docker Scout 
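Review bot: In the `build image` hunk (`@@ -115,9 +115,9 @@`) the tag loses its `${{ vars.DOCKERHUB_USER }}/` namespace in the same change that switches main to `--push`, so on main the build tries to push `<distro>-<flavor>:<version>-main`, which Docker resolves to the `docker.io/library/` namespace rather than this project's repository. Keep the pushed reference fully qualified, e.g. `--tag ${{ env.REGISTRY_IMAGE }}:${{ matrix.from-version }}-…` using the `REGISTRY_IMAGE` the step already defines, and use the short name only together with `--load`. The step's `run:` block starts and ends outside the hunk.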
@@ -146,8 +141,8 @@ jobs: continue-on-error: true uses: docker/scout-action@v0.23.4 with: - command: sbom,compare - image: ${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} + command: ${{github.ref == '/refs/heads/main' && 'sbom,' }}compare + image: ${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} # image: ${{ github.actor == 'nektos/act' && env.IMAGE || env.REGISTRY_IMAGE }} to: ${{ format('{0}/{1}:{2}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version) }} organization: ${{ vars.DOCKERHUB_USER }} From da68498f0f2438b7cc5004fa956fd71351ce0866 Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 05:18:33 +0200 Subject: [PATCH 33/53] sbom for main, compare if other --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a06e07c..80dacf7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -141,7 +141,7 @@ jobs: continue-on-error: true uses: docker/scout-action@v0.23.4 with: - command: ${{github.ref == '/refs/heads/main' && 'sbom,' }}compare + command: ${{github.ref == '/refs/heads/main' && 'sbom' || 'compare' }} image: ${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} # image: ${{ github.actor == 'nektos/act' && env.IMAGE || env.REGISTRY_IMAGE }} to: ${{ format('{0}/{1}:{2}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version) }} From a2972a4eddf099d1e7be502d8fe4bdd34ecbb63e Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 05:31:20 +0200 Subject: [PATCH 34/53] add env.IMAGE_TAG --- .github/workflows/ci.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 80dacf7..e3b0eec 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
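Review bot: The `command:` expression in the Docker Scout hunk compares `github.ref` with `'/refs/heads/main'`; refs carry no leading slash (the build step uses `'refs/heads/main'`), so the condition is never true. In this hunk the `&&` also has no `||` fallback, so the expression evaluates to `false` and the value becomes `falsecompare`. The following commit (PATCH 33/53) adds the fallback but keeps the leading slash, which makes the command always `compare` and never `sbom`. Use `github.ref == 'refs/heads/main'` in both places.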
@@ -43,6 +43,7 @@ jobs: IMAGE_NAME: ${{ format('{0}-{1}', matrix.distro, matrix.from-flavor) }} IMAGE_REPOSITORY: ${{ format('{0}/{1}-{2}', vars.DOCKERHUB_USER || github.repository_owner, matrix.distro, matrix.from-flavor) }} SHA: ${{ github.event.pull_request.head.sha || github.event.after }} + IMAGE_TAG: ${{ format('{0}-{1}:{2}-{3}', matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} REGISTRY: ${{ vars.DOCKERHUB_USER && 'docker.io' || 'ghcr.io' }} steps: - uses: actions/checkout@v4 @@ -115,7 +116,7 @@ jobs: - name: build image run: >- docker build - --tag ${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} + --tag ${{ env.IMAGE_TAG }} --file linux/${{ matrix.distro }}/Dockerfile ${{ github.ref == 'refs/heads/main' && '--push' || '--load' }} --cache-from ${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.from-version) }} @@ -133,7 +134,7 @@ jobs: - name: inspect image continue-on-error: true - run: docker inspect ${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} + run: docker inspect ${{ env.IMAGE_TAG }} # vulnerability scanning to verify PRs - name: Docker Scout @@ -142,7 +143,8 @@ jobs: uses: docker/scout-action@v0.23.4 with: command: ${{github.ref == '/refs/heads/main' && 'sbom' || 'compare' }} - image: ${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} + image: ${{ env.IMAGE_TAG }} + # image: ${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} # image: ${{ github.actor == 'nektos/act' && env.IMAGE || env.REGISTRY_IMAGE }} to: ${{ format('{0}/{1}:{2}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version) }} organization: ${{ vars.DOCKERHUB_USER }} From 870195459b1125e5318a234845a6dfc975a1f722 Mon Sep 17 00:00:00 2001 
From: mauwii Date: Sat, 16 Sep 2023 05:41:41 +0200 Subject: [PATCH 35/53] split archs if not main --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e3b0eec..96fea23 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,8 +22,8 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - platforms: ['linux/amd64,linux/arm64'] - # platforms: ${{ github.ref != 'refs/heads/main' && fromJson(format('["{0}", "{1}"]', 'linux/amd64','linux/arm64')) || fromJson('["linux/amd64,linux/arm64"]') }} + # platforms: ['linux/amd64,linux/arm64'] + platforms: ${{ github.ref == 'refs/heads/main' && fromJson('["linux/amd64,linux/arm64"]') || fromJson(format('["{0}", "{1}"]', 'linux/amd64','linux/arm64')) }} from-version: ['22.04', '20.04'] include: - from-version: '22.04' From 06f80d695c08e00762fbcf3ed124f663d39b2b32 Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 05:59:54 +0200 Subject: [PATCH 36/53] use FROM_TAG and TO_TAG --- .github/workflows/ci.yml | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 96fea23..57b2235 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -39,11 +39,11 @@ jobs: codename: 'focal' from-flavor: 'act' env: - CACHE_FROM_REGISTRY: docker.io IMAGE_NAME: ${{ format('{0}-{1}', matrix.distro, matrix.from-flavor) }} IMAGE_REPOSITORY: ${{ format('{0}/{1}-{2}', vars.DOCKERHUB_USER || github.repository_owner, matrix.distro, matrix.from-flavor) }} SHA: ${{ github.event.pull_request.head.sha || github.event.after }} - IMAGE_TAG: ${{ format('{0}-{1}:{2}-{3}', matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} + FROM_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}-{5}', 'docker.io', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} + TO_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}', 'docker.io', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version) }} REGISTRY: ${{ vars.DOCKERHUB_USER && 'docker.io' || 'ghcr.io' }} steps: - uses: actions/checkout@v4 @@ -116,11 +116,11 @@ jobs: - name: build image run: >- docker build - --tag ${{ env.IMAGE_TAG }} + --tag ${{ env.FROM_TAG }} --file linux/${{ matrix.distro }}/Dockerfile ${{ github.ref == 'refs/heads/main' && '--push' || '--load' }} - --cache-from ${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.from-version) }} - --cache-from ${{ format('type=registry,ref={0}:cache-{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.codename) }} + --cache-from ${{ format('type=registry,ref={0}:{1}', env.REGISTRY_IMAGE, matrix.from-version) }} + --cache-from ${{ format('type=registry,ref={0}:cache-{1}', env.REGISTRY_IMAGE, matrix.codename) }} --build-arg FROM_IMAGE=buildpack-deps --build-arg FROM_VERSION_MAJOR=${{ matrix.from-version-major }} --build-arg FROM_VERSION_MINOR=${{ matrix.from-version-minor }} 
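Review bot: `FROM_TAG` and `TO_TAG` in the `env:` hunk (`@@ -39,11 +39,11 @@`) insert `vars.DOCKERHUB_USER` unconditionally, while `IMAGE_REPOSITORY` just above and `REGISTRY` just below both allow for that variable being unset; in that case the tags evaluate to `docker.io//<distro>-<flavor>:…`, which is not a valid image reference. Reuse the fallback the file already has, `vars.DOCKERHUB_USER || github.repository_owner`, in both `format()` calls, or fail the job early with a clear message when the variable is missing. The `@@ -130,11 +130,11 @@` hunk of the same commit leaves `CACHE_FROM_REGISTRY_IMAGE` defined identically to `REGISTRY_IMAGE` and no longer used by the `--cache-from` lines, so it can be dropped.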
@@ -130,11 +130,11 @@ jobs: . env: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} - CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }} + CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} - name: inspect image continue-on-error: true - run: docker inspect ${{ env.IMAGE_TAG }} + run: docker inspect ${{ env.FROM_TAG }} # vulnerability scanning to verify PRs - name: Docker Scout @@ -143,10 +143,8 @@ jobs: uses: docker/scout-action@v0.23.4 with: command: ${{github.ref == '/refs/heads/main' && 'sbom' || 'compare' }} - image: ${{ env.IMAGE_TAG }} - # image: ${{ env.IMAGE_NAME }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }} - # image: ${{ github.actor == 'nektos/act' && env.IMAGE || env.REGISTRY_IMAGE }} - to: ${{ format('{0}/{1}:{2}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version) }} + image: ${{ env.FROM_TAG }} + to: ${{ env.TO_TAG }} organization: ${{ vars.DOCKERHUB_USER }} ignore-unchanged: true only-severities: critical @@ -154,9 +152,6 @@ jobs: keep-previous-comments: true summary: ${{ github.actor != 'nektos/act' }} github-token: ${{ secrets.GITHUB_TOKEN }} - env: - IMAGE: ${{ format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} - REGISTRY_IMAGE: ${{ format('{0}/{1}:{2}-{3}', env.REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} # ToDo: Move into a separate workflow and depend on ci and mega-linter approve-pr: From 7d1757b6fabbbd3e72aaa35faa0fc7e9eba42030 Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 06:52:18 +0200 Subject: [PATCH 37/53] try to set registry to insecure localhost --- .github/workflows/ci.yml | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 57b2235..f0e9ec2 100644 
--- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -38,11 +38,16 @@ jobs: distro: 'ubuntu' codename: 'focal' from-flavor: 'act' + services: + registry: + image: registry:2 + ports: + - 5000:5000 env: IMAGE_NAME: ${{ format('{0}-{1}', matrix.distro, matrix.from-flavor) }} IMAGE_REPOSITORY: ${{ format('{0}/{1}-{2}', vars.DOCKERHUB_USER || github.repository_owner, matrix.distro, matrix.from-flavor) }} SHA: ${{ github.event.pull_request.head.sha || github.event.after }} - FROM_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}-{5}', 'docker.io', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} + FROM_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}-{5}', github.ref == 'refs/heads/main' && 'docker.io' || 'localhost:5000', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} TO_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}', 'docker.io', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version) }} REGISTRY: ${{ vars.DOCKERHUB_USER && 'docker.io' || 'ghcr.io' }} steps: @@ -61,9 +66,14 @@ jobs: uses: docker/setup-buildx-action@v2.10.0 with: driver: docker-container - driver-opts: image=moby/buildkit:v0.12.2${{ github.ref != 'refs/heads/main' && ',network=host' || '' }} + driver-opts: image=moby/buildkit:v0.12.2,network=host install: true + use: true + cleanup: true platforms: ${{ matrix.platforms }} + config-inline: | + [registry."localhost:5000"] + insecure = true # Login to github container registry # https://github.com/docker/login-action 
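Review bot: The `driver-opts` change in the Buildx hunk (`@@ -61,9 +66,14 @@`) makes `network=host` unconditional, where the removed line added it only when `github.ref != 'refs/heads/main'`. Host networking is needed only so the builder can reach the `localhost:5000` service registry, yet it now also applies to main-branch builds, whose BuildKit container then shares the runner's network namespace while building the image that gets published. Keeping the previous form, `driver-opts: image=moby/buildkit:v0.12.2${{ github.ref != 'refs/heads/main' && ',network=host' || '' }}`, confines that to the non-main path. The `insecure = true` entry is limited to `localhost:5000`, which is reasonable; `registry:2` in the `services:` hunk is a moving tag and could be pinned by digest.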
@@ -101,7 +111,7 @@ jobs: flavor: | latest=${{ github.ref == 'refs/heads/main' && matrix.from-version == '22.04' }} labels: | - org.opencontainers.image.authors=['${{ env.REPOSITORY_LINK }}','${{ github.actor }}'] + org.opencontainers.image.authors='${{ env.REPOSITORY_LINK }},${{ github.actor }}' org.opencontainers.image.description=${{ github.event.repository.description }} org.opencontainers.image.documentation=${{ env.REPOSITORY_LINK }} org.opencontainers.image.revision=${{ env.SHA }} @@ -115,10 +125,10 @@ jobs: - name: build image run: >- + # ${{ github.ref == 'refs/heads/main' && '--push' || '--load' }} docker build - --tag ${{ env.FROM_TAG }} + --tag ${{ env.FROM_TAG }} --push --file linux/${{ matrix.distro }}/Dockerfile - ${{ github.ref == 'refs/heads/main' && '--push' || '--load' }} --cache-from ${{ format('type=registry,ref={0}:{1}', env.REGISTRY_IMAGE, matrix.from-version) }} --cache-from ${{ format('type=registry,ref={0}:cache-{1}', env.REGISTRY_IMAGE, matrix.codename) }} --build-arg FROM_IMAGE=buildpack-deps @@ -139,13 +149,12 @@ jobs: # vulnerability scanning to verify PRs - name: Docker Scout id: docker-scout - continue-on-error: true uses: docker/scout-action@v0.23.4 with: - command: ${{github.ref == '/refs/heads/main' && 'sbom' || 'compare' }} + platform: ${{ matrix.platforms }} + command: sbom,compare image: ${{ env.FROM_TAG }} to: ${{ env.TO_TAG }} - organization: ${{ vars.DOCKERHUB_USER }} ignore-unchanged: true only-severities: critical write-comment: ${{ github.actor != 'nektos/act' }} From d7321633c5772755703b38722f6490bd83328865 Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 07:00:40 +0200 Subject: [PATCH 38/53] try pushing to localhost --- .github/workflows/ci.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f0e9ec2..b462380 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -47,7 +47,8 @@ jobs: IMAGE_NAME: ${{ format('{0}-{1}', matrix.distro, matrix.from-flavor) }} IMAGE_REPOSITORY: ${{ format('{0}/{1}-{2}', vars.DOCKERHUB_USER || github.repository_owner, matrix.distro, matrix.from-flavor) }} SHA: ${{ github.event.pull_request.head.sha || github.event.after }} - FROM_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}-{5}', github.ref == 'refs/heads/main' && 'docker.io' || 'localhost:5000', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} + # FROM_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}-{5}', github.ref == 'refs/heads/main' && 'docker.io' || 'localhost:5000', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} + FROM_TAG: ${{ format('{1}/{2}-{3}:{4}-{5}', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} TO_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}', 'docker.io', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version) }} REGISTRY: ${{ vars.DOCKERHUB_USER && 'docker.io' || 'ghcr.io' }} steps: @@ -123,11 +124,12 @@ jobs: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} REPOSITORY_LINK: https://github.com/${{ github.repository }} + # ${{ github.ref == 'refs/heads/main' && '--push' || '--load' }} - name: build image run: >- - # ${{ github.ref == 'refs/heads/main' && '--push' || '--load' }} docker build - --tag ${{ env.FROM_TAG }} --push + --push + --tag ${{ env.FROM_TAG }} --file linux/${{ matrix.distro }}/Dockerfile --cache-from ${{ format('type=registry,ref={0}:{1}', env.REGISTRY_IMAGE, matrix.from-version) }} --cache-from ${{ format('type=registry,ref={0}:cache-{1}', env.REGISTRY_IMAGE, matrix.codename) }} From c0a620520398c299aae7e0ea3bd21ff1cdb515ca Mon Sep 17 00:00:00 2001 
From: mauwii Date: Sat, 16 Sep 2023 07:02:31 +0200 Subject: [PATCH 39/53] fix format --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b462380..e314df2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -48,7 +48,7 @@ jobs: IMAGE_REPOSITORY: ${{ format('{0}/{1}-{2}', vars.DOCKERHUB_USER || github.repository_owner, matrix.distro, matrix.from-flavor) }} SHA: ${{ github.event.pull_request.head.sha || github.event.after }} # FROM_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}-{5}', github.ref == 'refs/heads/main' && 'docker.io' || 'localhost:5000', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} - FROM_TAG: ${{ format('{1}/{2}-{3}:{4}-{5}', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} + FROM_TAG: ${{ format('{0}/{1}-{2}:{3}-{4}', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} TO_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}', 'docker.io', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version) }} REGISTRY: ${{ vars.DOCKERHUB_USER && 'docker.io' || 'ghcr.io' }} steps: From ccdfa4bbdb19fdab3b8def049b6cf0a387b12219 Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 07:06:25 +0200 Subject: [PATCH 40/53] put localhost in front of image --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e314df2..ddcc036 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -47,8 +47,8 @@ jobs: IMAGE_NAME: ${{ format('{0}-{1}', matrix.distro, matrix.from-flavor) }} IMAGE_REPOSITORY: ${{ format('{0}/{1}-{2}', vars.DOCKERHUB_USER || github.repository_owner, matrix.distro, matrix.from-flavor) }} SHA: ${{ github.event.pull_request.head.sha || github.event.after }} + FROM_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}-{5}', 'localhost:5000', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} # FROM_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}-{5}', github.ref == 'refs/heads/main' && 'docker.io' || 'localhost:5000', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} - FROM_TAG: ${{ format('{0}/{1}-{2}:{3}-{4}', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} TO_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}', 'docker.io', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version) }} REGISTRY: ${{ vars.DOCKERHUB_USER && 'docker.io' || 'ghcr.io' }} steps: From 278f7d374e3495c78ea7dbc0979d080e47a82de2 Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 07:11:59 +0200 Subject: [PATCH 41/53] try to pull image --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ddcc036..73c46e7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -144,6 +144,9 @@ jobs: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} + - name: pull image + run: docker pull ${{ env.FROM_TAG }} + - name: inspect image continue-on-error: true run: docker inspect ${{ env.FROM_TAG }} From 36ba84d55e86fdf0ad98261712fe3f0dfd7fd9a6 Mon Sep 17 00:00:00 2001 
From: mauwii Date: Sat, 16 Sep 2023 07:26:30 +0200 Subject: [PATCH 42/53] only imagename:tag --- .github/workflows/ci.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 73c46e7..39c150d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -47,7 +47,7 @@ jobs: IMAGE_NAME: ${{ format('{0}-{1}', matrix.distro, matrix.from-flavor) }} IMAGE_REPOSITORY: ${{ format('{0}/{1}-{2}', vars.DOCKERHUB_USER || github.repository_owner, matrix.distro, matrix.from-flavor) }} SHA: ${{ github.event.pull_request.head.sha || github.event.after }} - FROM_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}-{5}', 'localhost:5000', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} + FROM_TAG: ${{ format('{0}-{1}:{2}-{3}', matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} # FROM_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}-{5}', github.ref == 'refs/heads/main' && 'docker.io' || 'localhost:5000', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} TO_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}', 'docker.io', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version) }} REGISTRY: ${{ vars.DOCKERHUB_USER && 'docker.io' || 'ghcr.io' }} 
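Review bot: FROM_TAG now renders as a bare `distro-flavor:version-ref` name with no registry or namespace, while the build step in the next hunk of this patch passes `--push` on `refs/heads/main`. Docker resolves an unqualified name to `docker.io/library/...`, so on main the push would target that namespace rather than the account TO_TAG points at, and would presumably be rejected. Keep the registry and namespace in the tag that gets pushed, for example `--tag "${REGISTRY_IMAGE}:${{ matrix.from-version }}"`, using the REGISTRY_IMAGE value the step already defines for its cache refs.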
@@ -124,15 +124,14 @@ jobs: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} REPOSITORY_LINK: https://github.com/${{ github.repository }} - # ${{ github.ref == 'refs/heads/main' && '--push' || '--load' }} - name: build image run: >- docker build - --push --tag ${{ env.FROM_TAG }} --file linux/${{ matrix.distro }}/Dockerfile --cache-from ${{ format('type=registry,ref={0}:{1}', env.REGISTRY_IMAGE, matrix.from-version) }} --cache-from ${{ format('type=registry,ref={0}:cache-{1}', env.REGISTRY_IMAGE, matrix.codename) }} + ${{ github.ref == 'refs/heads/main' && '--push' || '--load' }} --build-arg FROM_IMAGE=buildpack-deps --build-arg FROM_VERSION_MAJOR=${{ matrix.from-version-major }} --build-arg FROM_VERSION_MINOR=${{ matrix.from-version-minor }} @@ -144,9 +143,6 @@ jobs: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} - - name: pull image - run: docker pull ${{ env.FROM_TAG }} - - name: inspect image continue-on-error: true run: docker inspect ${{ env.FROM_TAG }} From 6cdfd80bca9a9721fd7f7f410ccd4d5563add60a Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 07:33:00 +0200 Subject: [PATCH 43/53] add org to scout --- .github/workflows/ci.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 39c150d..07d17a2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -72,9 +72,6 @@ jobs: use: true cleanup: true platforms: ${{ matrix.platforms }} - config-inline: | - [registry."localhost:5000"] - insecure = true # Login to github container registry # https://github.com/docker/login-action 
@@ -162,6 +159,7 @@ jobs: keep-previous-comments: true summary: ${{ github.actor != 'nektos/act' }} github-token: ${{ secrets.GITHUB_TOKEN }} + organization: ${{ vars.DOCKERHUB_USER || github.repository_owner }} # ToDo: Move into a separate workflow and depend on ci and mega-linter approve-pr: From e9892fffd830e943376af2441034779e73cef60a Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 10:32:18 +0200 Subject: [PATCH 44/53] validate PRs via Archive --- .github/workflows/ci.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 07d17a2..fff1147 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -44,6 +44,7 @@ jobs: ports: - 5000:5000 env: + BUILDKIT_PROGRESS: plain IMAGE_NAME: ${{ format('{0}-{1}', matrix.distro, matrix.from-flavor) }} IMAGE_REPOSITORY: ${{ format('{0}/{1}-{2}', vars.DOCKERHUB_USER || github.repository_owner, matrix.distro, matrix.from-flavor) }} SHA: ${{ github.event.pull_request.head.sha || github.event.after }} @@ -121,6 +122,7 @@ jobs: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} REPOSITORY_LINK: https://github.com/${{ github.repository }} + # Build and push Docker images - name: build image run: >- docker build 
@@ -128,18 +130,19 @@ jobs: --file linux/${{ matrix.distro }}/Dockerfile --cache-from ${{ format('type=registry,ref={0}:{1}', env.REGISTRY_IMAGE, matrix.from-version) }} --cache-from ${{ format('type=registry,ref={0}:cache-{1}', env.REGISTRY_IMAGE, matrix.codename) }} - ${{ github.ref == 'refs/heads/main' && '--push' || '--load' }} --build-arg FROM_IMAGE=buildpack-deps --build-arg FROM_VERSION_MAJOR=${{ matrix.from-version-major }} --build-arg FROM_VERSION_MINOR=${{ matrix.from-version-minor }} --build-arg FROM_FLAVOR=${{ matrix.from-flavor }} --build-arg DISTRO=${{ matrix.distro }} --build-arg CODENAME=${{ matrix.codename }} + ${{ github.ref == 'refs/heads/main' && '--push' || '--output type=docker,dest=/tmp/${{ matrix.distro }}-act-${{ matrix.from-version }}.tar' }} . env: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} + # Just for debugging - name: inspect image continue-on-error: true run: docker inspect ${{ env.FROM_TAG }} @@ -151,7 +154,9 @@ jobs: with: platform: ${{ matrix.platforms }} command: sbom,compare - image: ${{ env.FROM_TAG }} + # image: ${{ env.FROM_TAG }} + image: /tmp/${{ matrix.distro }}-act-${{ matrix.from-version }}.tar + type: archive to: ${{ env.TO_TAG }} ignore-unchanged: true only-severities: critical From 641ad1232ba64697578ca3bbf251efa0c976e2af Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 10:47:13 +0200 Subject: [PATCH 45/53] fix formatting --- .github/workflows/ci.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fff1147..9ac80ce 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -52,6 +52,7 @@ jobs: # FROM_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}-{5}', github.ref == 'refs/heads/main' && 'docker.io' || 'localhost:5000', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} TO_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}', 'docker.io', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version) }} REGISTRY: ${{ vars.DOCKERHUB_USER && 'docker.io' || 'ghcr.io' }} + PATH_TO_IMAGE: /tmp/${{ matrix.from-version }}/${{ matrix.platforms }}/${{ matrix.distro }}-${{ matrix.from-flavor }}.tar steps: - uses: actions/checkout@v4 @@ -136,7 +137,7 @@ jobs: --build-arg FROM_FLAVOR=${{ matrix.from-flavor }} --build-arg DISTRO=${{ matrix.distro }} --build-arg CODENAME=${{ matrix.codename }} - ${{ github.ref == 'refs/heads/main' && '--push' || '--output type=docker,dest=/tmp/${{ matrix.distro }}-act-${{ matrix.from-version }}.tar' }} + ${{ github.ref == 'refs/heads/main' && '--push' || format('--output type=docker,dest={0}', env.PATH_TO_IMAGE) }} . env: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} @@ -155,7 +156,7 @@ jobs: platform: ${{ matrix.platforms }} command: sbom,compare # image: ${{ env.FROM_TAG }} - image: /tmp/${{ matrix.distro }}-act-${{ matrix.from-version }}.tar + image: ${{ env.PATH_TO_IMAGE}} type: archive to: ${{ env.TO_TAG }} ignore-unchanged: true From 07009681205c82fef242c99a37cf41beb6362914 Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 10:49:55 +0200 Subject: [PATCH 46/53] fix path --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9ac80ce..aa18098 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -52,7 +52,7 @@ jobs: # FROM_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}-{5}', github.ref == 'refs/heads/main' && 'docker.io' || 'localhost:5000', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} TO_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}', 'docker.io', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version) }} REGISTRY: ${{ vars.DOCKERHUB_USER && 'docker.io' || 'ghcr.io' }} - PATH_TO_IMAGE: /tmp/${{ matrix.from-version }}/${{ matrix.platforms }}/${{ matrix.distro }}-${{ matrix.from-flavor }}.tar + PATH_TO_IMAGE: /tmp/${{ matrix.distro }}-${{ matrix.from-flavor }}-${{ matrix.from-version }}-${{ matrix.platforms }}.tar steps: - uses: actions/checkout@v4 From 138b818ae5a93f668e03684297a6e60f7be5158b Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 12:36:34 +0200 Subject: [PATCH 47/53] fix path, build multiarch, sbom only amd64 --- .github/workflows/ci.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index aa18098..efdd69e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,8 +22,8 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - # platforms: ['linux/amd64,linux/arm64'] - platforms: ${{ github.ref == 'refs/heads/main' && fromJson('["linux/amd64,linux/arm64"]') || fromJson(format('["{0}", "{1}"]', 'linux/amd64','linux/arm64')) }} + platforms: ['linux/amd64,linux/arm64'] + # platforms: ${{ github.ref == 'refs/heads/main' && fromJson('["linux/amd64,linux/arm64"]') || fromJson(format('["{0}", "{1}"]', 'linux/amd64','linux/arm64')) }} from-version: ['22.04', '20.04'] include: - from-version: '22.04' 
@@ -52,7 +52,7 @@ jobs: # FROM_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}-{5}', github.ref == 'refs/heads/main' && 'docker.io' || 'localhost:5000', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version, github.head_ref || github.ref_name) }} TO_TAG: ${{ format('{0}/{1}/{2}-{3}:{4}', 'docker.io', vars.DOCKERHUB_USER, matrix.distro, matrix.from-flavor, matrix.from-version) }} REGISTRY: ${{ vars.DOCKERHUB_USER && 'docker.io' || 'ghcr.io' }} - PATH_TO_IMAGE: /tmp/${{ matrix.distro }}-${{ matrix.from-flavor }}-${{ matrix.from-version }}-${{ matrix.platforms }}.tar + PATH_TO_IMAGE: /tmp/${{ matrix.distro }}-${{ matrix.from-version }}.tar steps: - uses: actions/checkout@v4 @@ -153,9 +153,8 @@ jobs: id: docker-scout uses: docker/scout-action@v0.23.4 with: - platform: ${{ matrix.platforms }} + platform: linux/amd64 command: sbom,compare - # image: ${{ env.FROM_TAG }} image: ${{ env.PATH_TO_IMAGE}} type: archive to: ${{ env.TO_TAG }} From 433cb3e8fa02d70f6ae28f72c8123237a1a02eca Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 12:53:37 +0200 Subject: [PATCH 48/53] small update to settings and free space action --- .github/actions/free-space/action.yml | 13 +++++++------ .vscode/settings.json | 7 +++++-- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/.github/actions/free-space/action.yml b/.github/actions/free-space/action.yml index 123d7d4..0de28dc 100644 --- a/.github/actions/free-space/action.yml +++ b/.github/actions/free-space/action.yml @@ -1,10 +1,11 @@ # yaml-language-server: $schema=https://json.schemastore.org/github-action.json -name: Free some disk space +name: Free disk space author: mauwii -description: | - This Action can be used to free up some disk-space on - github hosted runners +description: This Action can be used to free up some disk-space on github hosted runners +branding: + icon: 'trash-2' + color: 'blue' inputs: deleteDotnet: 
@@ -26,8 +27,8 @@ runs: shell: bash run: | for dir in /usr/share/dotnet /opt/hostedtoolcache/dotnet; do - if [ -d $dir ]; then - sudo rm -Rf $dir # Ubuntu 18/20 + if [ -d "${dir}" ]; then + sudo rm -Rf "${dir}" fi done diff --git a/.vscode/settings.json b/.vscode/settings.json index 0c8e61e..8d0d19a 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -30,8 +30,11 @@ "editor.tabSize": 2 }, "shellformat.flag": "--indent 4 --binary-next-line --case-indent", + "yaml.format.singleQuote": true, "yaml.schemas": { - "https://json.schemastore.org/github-action.json": "./.github/actions/**.yml", - "https://json.schemastore.org/prettierrc.json": "./.prettierrc.yaml" + "https://json.schemastore.org/github-action.json": [ + "action.yaml", + "action.yml" + ] } } From c88b803d03393d744b44879e28008a3fcba04958 Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 13:20:58 +0200 Subject: [PATCH 49/53] add labels to manual build step --- .github/workflows/ci.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index efdd69e..d09953d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -138,9 +138,18 @@ jobs: --build-arg DISTRO=${{ matrix.distro }} --build-arg CODENAME=${{ matrix.codename }} ${{ github.ref == 'refs/heads/main' && '--push' || format('--output type=docker,dest={0}', env.PATH_TO_IMAGE) }} + --label org.opencontainers.image.authors=['${{ env.REPOSITORY_LINK }}','${{ github.actor }}'] + --label org.opencontainers.image.description=${{ github.event.repository.description }} + --label org.opencontainers.image.documentation=${{ env.REPOSITORY_LINK }} + --label org.opencontainers.image.revision=${{ env.SHA }} + --label org.opencontainers.image.source=${{ github.repositoryUrl }} + --label org.opencontainers.image.title=${{ env.IMAGE_REPOSITORY }}:${{ github.head_ref || github.ref_name }} + --label org.opencontainers.image.url=${{ env.REPOSITORY_LINK }}/blob/${{ env.SHA }}/linux/${{ matrix.distro }}/Dockerfile + --label org.opencontainers.image.vendor=${{ github.repository_owner }} . env: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} + REPOSITORY_LINK: https://github.com/${{ github.repository }} CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} # Just for debugging From 022b0091fd1a8cf7aa191a9ff76ddeefebe240ff Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 14:46:19 +0200 Subject: [PATCH 50/53] fix syntax --- .github/workflows/ci.yml | 66 ++++++++++++++++++++++++++++++---------- 1 file changed, 50 insertions(+), 16 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d09953d..35c0275 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -123,6 +123,41 @@ jobs: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} REPOSITORY_LINK: https://github.com/${{ github.repository }} + # # Build and push Docker image with Buildx (don't push on PR) + # # https://github.com/docker/build-push-action + # - name: Build and push + # id: build + # uses: docker/build-push-action@v4 + # with: + # context: . + # # github-token for the repository context + # github-token: ${{ secrets.GITHUB_TOKEN }} + # file: ./linux/${{ matrix.distro }}/Dockerfile + # platforms: ${{ matrix.platforms }} + # labels: ${{ steps.meta.outputs.labels }} + # tags: ${{ steps.meta.outputs.tags }} + # # tags: ${{ format('{0}:{1}-{2}', github.actor != 'nektos/act' && env.REGISTRY_IMAGE || env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }} + # build-args: | + # FROM_IMAGE=buildpack-deps + # FROM_VERSION_MAJOR=${{ matrix.from-version-major }} + # FROM_VERSION_MINOR=${{ matrix.from-version-minor }} + # FROM_FLAVOR=${{ matrix.from-flavor }} + # DISTRO=${{ matrix.distro }} + # CODENAME=${{ matrix.codename }} + # # caching to speed up the build + # cache-from: | + # ${{ format('type=registry,ref={0}:{1}', env.REGISTRY_IMAGE, matrix.from-version) }} + # ${{ format('type=registry,ref={0}:cache-{1}', env.REGISTRY_IMAGE, matrix.codename) }} + # # don't export cache on PR + # cache-to: ${{ github.ref == 'refs/heads/main' && format('type=registry,ref={0}:cache-{1},mode=max', env.REGISTRY_IMAGE, matrix.codename) || '' }} + # # this will give us some useful information about the build + # provenance: mode=max + # # push if not building with act + # push: ${{ github.ref == 'refs/heads/main' }} + # outputs: 'type=oci,dest=${{ env.PATH_TO_IMAGE }}' + # env: + # REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} + # Build and push Docker images - name: build image run: >- 
@@ -131,26 +166,25 @@ jobs: --file linux/${{ matrix.distro }}/Dockerfile --cache-from ${{ format('type=registry,ref={0}:{1}', env.REGISTRY_IMAGE, matrix.from-version) }} --cache-from ${{ format('type=registry,ref={0}:cache-{1}', env.REGISTRY_IMAGE, matrix.codename) }} - --build-arg FROM_IMAGE=buildpack-deps - --build-arg FROM_VERSION_MAJOR=${{ matrix.from-version-major }} - --build-arg FROM_VERSION_MINOR=${{ matrix.from-version-minor }} - --build-arg FROM_FLAVOR=${{ matrix.from-flavor }} - --build-arg DISTRO=${{ matrix.distro }} - --build-arg CODENAME=${{ matrix.codename }} + --build-arg FROM_IMAGE='buildpack-deps' + --build-arg FROM_VERSION_MAJOR='${{ matrix.from-version-major }}' + --build-arg FROM_VERSION_MINOR='${{ matrix.from-version-minor }}' + --build-arg FROM_FLAVOR='${{ matrix.from-flavor }}' + --build-arg DISTRO='${{ matrix.distro }}' + --build-arg CODENAME='${{ matrix.codename }}' ${{ github.ref == 'refs/heads/main' && '--push' || format('--output type=docker,dest={0}', env.PATH_TO_IMAGE) }} - --label org.opencontainers.image.authors=['${{ env.REPOSITORY_LINK }}','${{ github.actor }}'] - --label org.opencontainers.image.description=${{ github.event.repository.description }} - --label org.opencontainers.image.documentation=${{ env.REPOSITORY_LINK }} - --label org.opencontainers.image.revision=${{ env.SHA }} - --label org.opencontainers.image.source=${{ github.repositoryUrl }} - --label org.opencontainers.image.title=${{ env.IMAGE_REPOSITORY }}:${{ github.head_ref || github.ref_name }} - --label org.opencontainers.image.url=${{ env.REPOSITORY_LINK }}/blob/${{ env.SHA }}/linux/${{ matrix.distro }}/Dockerfile - --label org.opencontainers.image.vendor=${{ github.repository_owner }} + --label org.opencontainers.image.authors='${{ env.REPOSITORY_LINK }}, ${{ github.actor }}' + --label org.opencontainers.image.description='${{ github.event.repository.description }}' + --label org.opencontainers.image.documentation='${{ env.REPOSITORY_LINK }}' + --label 
org.opencontainers.image.revision='${{ env.SHA }}' + --label org.opencontainers.image.source='${{ github.repositoryUrl }}' + --label org.opencontainers.image.title='${{ env.IMAGE_REPOSITORY }}:${{ github.head_ref || github.ref_name }}' + --label org.opencontainers.image.url='${{ env.REPOSITORY_LINK }}/blob/${{ env.SHA }}/linux/${{ matrix.distro }}/Dockerfile' + --label org.opencontainers.image.vendor='${{ github.repository_owner }}' . env: REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} REPOSITORY_LINK: https://github.com/${{ github.repository }} - CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} # Just for debugging - name: inspect image @@ -162,7 +196,7 @@ jobs: id: docker-scout uses: docker/scout-action@v0.23.4 with: - platform: linux/amd64 + # platform: linux/amd64 command: sbom,compare image: ${{ env.PATH_TO_IMAGE}} type: archive From b37598160764dabb56c110394d4e323663f550de Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 15:03:52 +0200 Subject: [PATCH 51/53] use meta-step outputs --- .github/workflows/ci.yml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 35c0275..4da756a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -162,7 +162,7 @@ jobs: - name: build image run: >- docker build - --tag ${{ env.FROM_TAG }} + --tag ${{ steps.meta.outputs.tags }} --file linux/${{ matrix.distro }}/Dockerfile --cache-from ${{ format('type=registry,ref={0}:{1}', env.REGISTRY_IMAGE, matrix.from-version) }} --cache-from ${{ format('type=registry,ref={0}:cache-{1}', env.REGISTRY_IMAGE, matrix.codename) }} 
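Review bot: `--tag ${{ steps.meta.outputs.tags }}` only works while the metadata step yields exactly one tag. docker/metadata-action emits `tags` newline-separated by default, and the expression is pasted into the script after YAML folding, so with several tag rules enabled every tag after the first starts a new shell line and the remaining `docker build` arguments are cut off from the command. The `docker inspect ${{ steps.meta.outputs.tags }}` step and the Scout `image:` input in the following hunks of this patch receive the same multi-line value. Pass the list through the step's `env:` as `TAGS: ${{ steps.meta.outputs.tags }}` and expand it in the shell with `$(printf -- '--tag %s ' $TAGS)`. The `run:` block continues past this hunk.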
@@ -187,9 +187,12 @@ jobs: REPOSITORY_LINK: https://github.com/${{ github.repository }} # Just for debugging - - name: inspect image + - name: inspect FROM_TAG continue-on-error: true run: docker inspect ${{ env.FROM_TAG }} + - name: inspect steps.meta.outputs.tags + continue-on-error: true + run: docker inspect ${{ steps.meta.outputs.tags }} # vulnerability scanning to verify PRs - name: Docker Scout @@ -198,14 +201,14 @@ jobs: with: # platform: linux/amd64 command: sbom,compare - image: ${{ env.PATH_TO_IMAGE}} - type: archive + image: ${{ github.ref == 'refs/heads/main' && steps.meta.outputs.tags || env.PATH_TO_IMAGE }} + type: ${{ github.ref == 'refs/heads/main' && 'image' || 'archive' }} to: ${{ env.TO_TAG }} ignore-unchanged: true only-severities: critical - write-comment: ${{ github.actor != 'nektos/act' }} + write-comment: ${{ github.event_name == 'pull_request' && github.actor != 'nektos/act' }} keep-previous-comments: true - summary: ${{ github.actor != 'nektos/act' }} + summary: ${{ github.event_name == 'pull_request' && github.actor != 'nektos/act' }} github-token: ${{ secrets.GITHUB_TOKEN }} organization: ${{ vars.DOCKERHUB_USER || github.repository_owner }} From b3e3a4358b088d4f7ec2397fe7f48c76cba14546 Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 15:08:03 +0200 Subject: [PATCH 52/53] resolve linter issue - don't use github.ref directly in a shell script --- .github/workflows/ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4da756a..4cec242 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -172,7 +172,7 @@ jobs: --build-arg FROM_FLAVOR='${{ matrix.from-flavor }}' --build-arg DISTRO='${{ matrix.distro }}' --build-arg CODENAME='${{ matrix.codename }}' - ${{ github.ref == 'refs/heads/main' && '--push' || format('--output type=docker,dest={0}', env.PATH_TO_IMAGE) }} + ${{ fromJson(env.IS_MAIN) && '--push' || format('--output type=docker,dest={0}', env.PATH_TO_IMAGE) }} --label org.opencontainers.image.authors='${{ env.REPOSITORY_LINK }}, ${{ github.actor }}' --label org.opencontainers.image.description='${{ github.event.repository.description }}' --label org.opencontainers.image.documentation='${{ env.REPOSITORY_LINK }}' @@ -183,6 +183,7 @@ jobs: --label org.opencontainers.image.vendor='${{ github.repository_owner }}' . env: + IS_MAIN: ${{ github.ref == 'refs/heads/main' }} REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} REPOSITORY_LINK: https://github.com/${{ github.repository }} From c194f9b8bbf5f4b7887d1feb2e2700adef930f9c Mon Sep 17 00:00:00 2001 From: mauwii Date: Sat, 16 Sep 2023 15:17:39 +0200 Subject: [PATCH 53/53] fix linter issue - replace github.head_ref with a variable/expression --- .github/workflows/ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4cec242..2e6f6ba 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -178,7 +178,7 @@ jobs: --label org.opencontainers.image.documentation='${{ env.REPOSITORY_LINK }}' --label org.opencontainers.image.revision='${{ env.SHA }}' --label org.opencontainers.image.source='${{ github.repositoryUrl }}' - --label org.opencontainers.image.title='${{ env.IMAGE_REPOSITORY }}:${{ github.head_ref || github.ref_name }}' + --label org.opencontainers.image.title='${{ env.TITLE_TAG }}' --label org.opencontainers.image.url='${{ env.REPOSITORY_LINK }}/blob/${{ env.SHA }}/linux/${{ matrix.distro }}/Dockerfile' --label org.opencontainers.image.vendor='${{ github.repository_owner }}' . 
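Review bot: The title label still receives the branch name through template expansion: `'${{ env.TITLE_TAG }}'` is substituted into the script before the shell starts, just as `${{ github.head_ref }}` was, so moving the value into `env:` quiets the linter without changing what the shell parses. A head ref that contains a single quote closes the quoted string, and the rest of the name is then read as shell syntax. TITLE_TAG is defined in the step's `env:` (next hunk), so the script can use the variable itself: `--label org.opencontainers.image.title="${TITLE_TAG}"`. The other labels in this command that wrap event data in `'...'`, such as the repository description, would benefit from the same treatment. The `docker build` command starts before this hunk.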
@@ -186,6 +186,7 @@ jobs: IS_MAIN: ${{ github.ref == 'refs/heads/main' }} REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }} REPOSITORY_LINK: https://github.com/${{ github.repository }} + TITLE_TAG: ${{ format('{0}:{1}', env.IMAGE_REPOSITORY, github.head_ref || github.ref_name) }} # Just for debugging - name: inspect FROM_TAG