Don't push container image on PR, but compare to published image #31

Merged
merged 53 commits into from
Sep 16, 2023
Changes from 13 commits
Commits
bc7b315
update ci.yml
mauwii Sep 15, 2023
bec74c1
split platforms on PR
mauwii Sep 15, 2023
be64ecf
update ci.yml
mauwii Sep 15, 2023
199bc15
update ci.yml
mauwii Sep 15, 2023
499fec2
update ci.yml
mauwii Sep 15, 2023
de26e53
update README.md
mauwii Sep 15, 2023
dc36f43
remove broken extension from recommends
mauwii Sep 15, 2023
a5bdb52
set-safe-directory when checking out
mauwii Sep 15, 2023
f3efa16
use fixed image in scout step
mauwii Sep 15, 2023
dee5be7
good ol days when image names were image names
mauwii Sep 15, 2023
eb50ba4
more image names
mauwii Sep 15, 2023
75cb06e
remove image without registry
mauwii Sep 15, 2023
a7be94e
remove debug step
mauwii Sep 15, 2023
5af1893
it works on my local
mauwii Sep 15, 2023
bedddb7
try to pull image manually
mauwii Sep 15, 2023
c61b8bb
fix dependency, add other debug step
mauwii Sep 15, 2023
3e3ac36
set credentials for registry
mauwii Sep 15, 2023
bb4a6a4
push if main, load if not
mauwii Sep 16, 2023
dc8f6d3
remove registry login
mauwii Sep 16, 2023
a1336d7
use outputs type=image
mauwii Sep 16, 2023
cee4c86
back to always push but not nektos
mauwii Sep 16, 2023
c549089
single arch if not default branch
mauwii Sep 16, 2023
d917751
manual build
mauwii Sep 16, 2023
477df73
add --load
mauwii Sep 16, 2023
8e1c366
try multiarch with manual build command
mauwii Sep 16, 2023
7bebb80
add more parameters to build command
mauwii Sep 16, 2023
4bf238d
use docker build
mauwii Sep 16, 2023
c46021b
remove sbom attestation
mauwii Sep 16, 2023
75a4221
retry with build-push-action
mauwii Sep 16, 2023
adda10d
disable labels
mauwii Sep 16, 2023
6ec0461
stick with manual build step
mauwii Sep 16, 2023
68a7e3e
push main, load others
mauwii Sep 16, 2023
da68498
sbom for main, compare if other
mauwii Sep 16, 2023
a2972a4
add env.IMAGE_TAG
mauwii Sep 16, 2023
8701954
split archs if not main
mauwii Sep 16, 2023
06f80d6
use FROM_TAG and TO_TAG
mauwii Sep 16, 2023
7d1757b
try to set registry to insecure localhost
mauwii Sep 16, 2023
d732163
try pushing to localhost
mauwii Sep 16, 2023
c0a6205
fix format
mauwii Sep 16, 2023
ccdfa4b
put localhost in front of image
mauwii Sep 16, 2023
278f7d3
try to pull image
mauwii Sep 16, 2023
36ba84d
only imagename:tag
mauwii Sep 16, 2023
6cdfd80
add org to scout
mauwii Sep 16, 2023
e9892ff
validate PRs via Archive
mauwii Sep 16, 2023
641ad12
fix formatting
mauwii Sep 16, 2023
0700968
fix path
mauwii Sep 16, 2023
138b818
fix path, build multiarch, sbom only amd64
mauwii Sep 16, 2023
433cb3e
small update to settings and free space action
mauwii Sep 16, 2023
c88b803
add labels to manual build step
mauwii Sep 16, 2023
022b009
fix syntax
mauwii Sep 16, 2023
b375981
use meta-step outputs
mauwii Sep 16, 2023
b3e3a43
resolve linter issue
mauwii Sep 16, 2023
c194f9b
fix linter issue
mauwii Sep 16, 2023
90 changes: 56 additions & 34 deletions .github/workflows/ci.yml
Expand Up @@ -2,6 +2,7 @@ name: ci

on:
push:
branches: [main]
paths:
- '**/Dockerfile'
- '**/toolsets/*.json'
Expand All @@ -21,6 +22,9 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
platforms: ['linux/amd64,linux/arm64']
# platforms: ${{ github.event_name == 'pull_request' && fromJson(format('["{0}", "{1}"]', 'linux/amd64','linux/arm64')) || fromJson('["linux/amd64,linux/arm64"]') }}
from-version: ['22.04', '20.04']
include:
- from-version: '22.04'
from-version-major: '22'
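Review bot: the commented-out `platforms:` expression under `matrix:` is dead configuration, and the active value is a single entry (`'linux/amd64,linux/arm64'`), so this matrix dimension does not split anything per event. Either enable the `pull_request` expression or delete the comment and say in one line why a single combined entry is kept.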
Expand All @@ -34,13 +38,18 @@ jobs:
distro: 'ubuntu'
codename: 'focal'
from-flavor: 'act'
services:
registry:
image: registry:2
ports:
- 5000:5000
# options: --entrypoint /bin/registry
env:
REGISTRY: docker.io
CACHE_FROM_REGISTRY: docker.io
IMAGE_NAME: ${{ format('{0}-{1}', matrix.distro, matrix.from-flavor) }}
IMAGE_REPOSITORY: ${{ format('{0}/{1}', github.repository_owner, format('{0}-{1}', matrix.distro, matrix.from-flavor)) }}
IMAGE_REPOSITORY: ${{ format('{0}/{1}-{2}', vars.DOCKERHUB_USER || github.repository_owner, matrix.distro, matrix.from-flavor) }}
SHA: ${{ github.event.pull_request.head.sha || github.event.after }}
DOCKERHUB_USERNAME: ${{ github.repository_owner }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
REGISTRY: ${{ github.ref == 'refs/heads/main' && format('{0}', vars.DOCKERHUB_USER != '' && 'docker.io' || 'ghcr.io') || 'localhost:5000' }}
steps:
- uses: actions/checkout@v4
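Review bot: the `registry` service under `services:` pulls `registry:2` by mutable tag and is started on every run, although `REGISTRY` only resolves to `localhost:5000` when `github.ref` is not `refs/heads/main`. Pin the service image to a digest and add a comment that this is an unauthenticated throwaway registry used only for non-main builds. The nested `&&`/`||` in the `REGISTRY` expression would also be easier to audit if the publish registry (`docker.io` or `ghcr.io`) were computed in its own env value first.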

Expand All @@ -55,40 +64,48 @@ jobs:

- name: Set up Docker Buildx
uses: docker/[email protected]
# with:
# driver-opts: |
# image=moby/buildkit:v0.12.2
# network=host

# - name: Login to GitHub Container Registry
# uses: docker/[email protected]
# with:
# registry: ghcr.io
# username: ${{ github.repository_owner }}
# password: ${{ secrets.GITHUB_TOKEN }}
with:
driver: docker-container
driver-opts: image=moby/buildkit:v0.12.2${{ github.ref != 'refs/heads/main' && ',network=host' || '' }}
install: true
platforms: ${{ matrix.platforms }}

# Login to github container registry
# https://github.com/docker/login-action
- name: Login to GitHub Container Registry
uses: docker/[email protected]
if: vars.DOCKERHUB_USER == ''
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

# Login against a Docker registry
# https://github.com/docker/login-action
- name: Login to Docker Hub
uses: docker/[email protected]
if: vars.DOCKERHUB_USER != ''
with:
registry: ${{ env.REGISTRY }}
username: ${{ env.DOCKERHUB_USERNAME }}
password: ${{ env.DOCKERHUB_TOKEN }}
registry: docker.io
username: ${{ vars.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
logout: true

# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v4.4.0
uses: docker/metadata-action@v4.6.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
images: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }}
# images: ${{ github.actor != 'nektos/act' && format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) || env.IMAGE_REPOSITORY }}
images: |
${{ env.REGISTRY }}/${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}
${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}
tags: |
type=sha,prefix=${{ matrix.from-version }}-,format=short,enable={{is_default_branch}},priority=1000
type=raw,value=${{ matrix.from-version }},enable={{is_default_branch}},priority=900
type=raw,value=${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }},priority=600
type=sha,prefix=${{ matrix.from-version }}-,format=short,enable={{is_default_branch}},priority=100
flavor: |
latest=${{ github.ref == format('refs/heads/{0}', 'main') && matrix.from-version == '22.04' }}
labels: |
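Review bot: in the multi-line `images:` value of the metadata step, both entries interpolate `vars.DOCKERHUB_USER` directly, while `IMAGE_REPOSITORY`, `REGISTRY` and the two login steps all treat an empty `vars.DOCKERHUB_USER` as the ghcr.io case. With the variable unset the entries render as `ghcr.io//<image>` and `/<image>`, which are not valid image references. Build both entries from `env.IMAGE_REPOSITORY`, which already falls back to `github.repository_owner`.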
Expand All @@ -97,7 +114,7 @@ jobs:
org.opencontainers.image.documentation=${{ env.REPOSITORY_LINK }}
org.opencontainers.image.revision=${{ env.SHA }}
org.opencontainers.image.source=${{ github.repositoryUrl }}
org.opencontainers.image.title=${{ env.IMAGE_REPOSITORY }}:${{ github.head_ref || github.ref_name }}
org.opencontainers.image.title=${{ env.IMAGE_REPOSITORY }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }}
org.opencontainers.image.url=${{ env.REPOSITORY_LINK }}/blob/${{ env.SHA }}/linux/${{ matrix.distro }}/Dockerfile
org.opencontainers.image.vendor=${{ github.repository_owner }}
env:
Expand All @@ -113,7 +130,7 @@ jobs:
# github-token for the repository context
github-token: ${{ secrets.GITHUB_TOKEN }}
file: ./linux/${{ matrix.distro }}/Dockerfile
platforms: linux/amd64,linux/arm64
platforms: ${{ matrix.platforms }}
labels: ${{ steps.meta.outputs.labels }}
tags: ${{ steps.meta.outputs.tags }}
build-args: |
Expand All @@ -125,34 +142,39 @@ jobs:
CODENAME=${{ matrix.codename }}
# caching to speed up the build
cache-from: |
type=registry,ref=${{ env.REGISTRY_IMAGE }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }}
type=registry,ref=${{ env.REGISTRY_IMAGE }}:cache-${{ matrix.codename }}
# cache exporter doesn't work with docker driver
cache-to: |
type=registry,ref=${{ env.REGISTRY_IMAGE }}:cache-${{ matrix.codename }},mode=max
${{ format('type=registry,ref={0}:{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.from-version) }}
${{ format('type=registry,ref={0}:cache-{1}', env.CACHE_FROM_REGISTRY_IMAGE, matrix.codename) }}
# don't export cache on PR
cache-to: ${{ github.ref == 'refs/heads/main' && format('type=registry,ref={0}:cache-{1},mode=max', env.REGISTRY_IMAGE, matrix.codename) || '' }}
# this will give us some useful information about the build
provenance: mode=max
push: true
# outputs: type=image,name=${{ env.REGISTRY_IMAGE }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }},push=true
# push if not building with act
push: ${{ github.actor != 'nektos/act' }}
load: ${{ github.actor == 'nektos/act' }}
env:
REGISTRY_IMAGE: ${{ format('{0}/{1}', env.REGISTRY, env.IMAGE_REPOSITORY) }}
CACHE_FROM_REGISTRY_IMAGE: ${{ format('{0}/{1}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY) }}

# vulnerability scanning to verify PRs
- name: Docker Scout
id: docker-scout
continue-on-error: true
uses: docker/[email protected]
with:
command: sbom,compare
image: ${{ steps.meta.outputs.tags }}
to: ${{ format('{0}/{1}:{2}', env.REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version) }}
organization: ${{ github.repository_owner }}
command: ${{ github.ref == 'refs/heads/main' && 'sbom,compare' || 'compare' }}
image: ${{ github.actor != 'nektos/act' && steps.meta.outputs.tags || format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }}
# image: ${{ steps.meta.outputs.tags }}
# image: ${{ format('{0}:{1}-{2}', env.IMAGE_REPOSITORY, matrix.from-version, github.head_ref || github.ref_name) }}
to: ${{ format('{0}/{1}:{2}-{3}', env.CACHE_FROM_REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version, 'main') }}
organization: ${{ vars.DOCKERHUB_USER }}
ignore-unchanged: true
only-severities: critical
write-comment: ${{ github.actor != 'nektos/act' }}
keep-previous-comments: true
summary: ${{ github.actor != 'nektos/act' }}
github-token: ${{ secrets.GITHUB_TOKEN }}
dockerhub-user: ${{ vars.DOCKERHUB_USER }}
dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }}

# ToDo: Move into a separate workflow and depend on ci and mega-linter
approve-pr:
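Review bot: `push: ${{ github.actor != 'nektos/act' }}` is still true on pull requests, and `tags:` comes from `steps.meta.outputs.tags`, whose `images:` list has an entry without a registry host (`${{ vars.DOCKERHUB_USER }}/${{ env.IMAGE_NAME }}`). That entry resolves to Docker Hub, so a PR build would push `<from-version>-<head_ref>` there and not only to `localhost:5000`, which contradicts the goal in the PR title. Drop the host-less entry when `github.ref` is not `refs/heads/main`, or make `push` depend on the ref. In the Docker Scout step, `image:` receives the same multi-line tag list where a single reference is expected, and `continue-on-error: true` means a critical finding never fails the job even though the step is described as verifying PRs.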
1 change: 1 addition & 0 deletions .github/workflows/mega-linter.yml
Expand Up @@ -37,6 +37,7 @@ jobs:
- name: Checkout Code
uses: actions/checkout@v3
with:
set-safe-directory: true
# token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
token: ${{ secrets.GITHUB_TOKEN }}
fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances
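Review bot: `set-safe-directory: true` in the `with:` block of the checkout step is already the default of actions/checkout, so this line does not change behaviour. Either drop it or add a comment saying why it is spelled out explicitly. This step also stays on `actions/checkout@v3` while ci.yml uses `actions/checkout@v4`; align the two.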
1 change: 0 additions & 1 deletion .vscode/extensions.json
@@ -1,6 +1,5 @@
{
"recommendations": [
"AquaSecurityOfficial.trivy-vulnerability-scanner",
"editorconfig.editorconfig",
"esbenp.prettier-vscode",
"exiasr.hadolint",
75 changes: 51 additions & 24 deletions README.md
@@ -1,33 +1,32 @@
# 🐳 Docker images for [nektos/act](https://github.com/nektos/act)

[![Docker Pulls](https://badgen.net/docker/pulls/mauwii/ubuntu-act?icon=docker&label=pulls)](https://hub.docker.com/r/mauwii/ubuntu-act/)
[![Docker Image Size](https://badgen.net/docker/size/mauwii/ubuntu-act?icon=docker&label=image%20size)](https://hub.docker.com/r/mauwii/ubuntu-act/)
[![Docker Stars](https://badgen.net/docker/stars/mauwii/ubuntu-act?icon=docker&label=stars)](https://hub.docker.com/r/mauwii/ubuntu-act/)
[![Github stars](https://badgen.net/github/stars/mauwii/act-docker-images?icon=github&label=stars)](https://github.com/mauwii/act-docker-images)
[![Github forks](https://badgen.net/github/forks/mauwii/act-docker-images?icon=github&label=forks)](https://github.com/mauwii/act-docker-images/fork)
[![Github issues](https://badgen.net/github/issues/mauwii/act-docker-images/?icon=github&label=issues)](https://github.com/mauwii/act-docker-images/issues)
[![Github last-commit](https://badgen.net/github/last-commit/mauwii/act-docker-images/?color=blue&icon=github&label=last-commit)](https://github.com/mauwii/act-docker-images/commits/)

[![ci](https://github.com/mauwii/act-docker-images/actions/workflows/ci.yml/badge.svg?branch=main&event=push)](https://github.com/mauwii/act-docker-images/actions/workflows/ci.yml)
[![Docker-Hub description](https://github.com/mauwii/act-docker-images/actions/workflows/dockerhub-description.yml/badge.svg?branch=main)](https://github.com/mauwii/act-docker-images/actions/workflows/dockerhub-description.yml)
[![MegaLinter](https://github.com/mauwii/act-docker-images/workflows/MegaLinter/badge.svg?branch=main)](https://github.com/mauwii/act-docker-images/actions?query=workflow%3AMegaLinter+branch%3Amain)
[![Docker Pulls](https://badgen.net/docker/pulls/mauwii/ubuntu-act?icon=docker&label=pulls)][dockerHub]
[![Docker Image Size](https://badgen.net/docker/size/mauwii/ubuntu-act?icon=docker&label=image%20size)][dockerHub]
[![Docker Stars](https://badgen.net/docker/stars/mauwii/ubuntu-act?icon=docker&label=stars)][dockerHub]
[![Github stars](https://badgen.net/github/stars/mauwii/act-docker-images?icon=github&label=stars)][githubRepo]
[![Github forks](https://badgen.net/github/forks/mauwii/act-docker-images?icon=github&label=forks)][githubFork]
[![Github issues](https://badgen.net/github/issues/mauwii/act-docker-images/?icon=github&label=issues)][githubIssues]
[![Github last-commit](https://badgen.net/github/last-commit/mauwii/act-docker-images/?color=blue&icon=github&label=last-commit)][githubCommits]

[![ci](https://github.com/mauwii/act-docker-images/actions/workflows/ci.yml/badge.svg?branch=main&event=push)][workflowCi]
[![Docker-Hub description](https://github.com/mauwii/act-docker-images/actions/workflows/dockerhub-description.yml/badge.svg?branch=main)][workflowDhDesc]
[![MegaLinter](https://github.com/mauwii/act-docker-images/workflows/MegaLinter/badge.svg?branch=main&event=push)][workflowMegaLinter]

## ⚠️ Heavily under construction... ⚠️

...so please do not use this anywhere in production ❗

## What

The docker images in this repository can be used with [nektos/act](https://github.com/nektos/act),
which is a very handy tool to run your github workflows locally.
The docker images in this repository can be used with [nektos/act][nektosActRepo], which is a very
handy tool to run your github workflows locally.

If you don't know it yet, I highly recommend to check it out 🤓

## Why

In the other Images I had problems with executing azure related tools, so I decided to create my own
image which is heavily inspired by the images of
[catthehacker](https://github.com/catthehacker/docker_images)
image which is heavily inspired by the images of [catthehacker][catthehackerImages]

## How to use

Expand All @@ -42,8 +41,8 @@ The easiest way is to add those lines in your `~/.actrc`:
-P ubuntu-20.04=mauwii/ubuntu-act:20.04
```

For further Informations about nektos/arc and how to use it, checkout the
[nektos documentation📖](https://nektosact.com/beginner/index.html)
For further Informations about nektos/arc and how to use it, checkout the [nektos
documentation📖][nektosDocs]

## How I run act on my M2-Max 💻
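Review bot: the rewrapped sentence above the `## How I run act` heading still reads "nektos/arc" and "Informations"; since the line is being touched for the reference-style link anyway, correct it to "nektos/act" and "information" so the text matches the project the `[nektosDocs]` link points to.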

Expand All @@ -59,13 +58,6 @@ For further Informations about nektos/arc and how to use it, checkout the
alias act='gh act -s GITHUB_TOKEN="$(gh auth token)"'
```

- export DOCKER_HOST env

```bash
DOCKER_HOST=$(docker context inspect --format '{{.Endpoints.docker.Host}}')
export DOCKER_HOST
```

- Docker-Desktop settings:

- Advanced:
Expand All @@ -76,6 +68,23 @@ For further Informations about nektos/arc and how to use it, checkout the

✔️ All Beta Features enabled (containerd, wasm, rosetta and builds view)

- Docker Engine (`~/.docker/daemon.json`):

```json
{
"builder": {
"gc": {
"defaultKeepStorage": "20GB",
"enabled": true
}
},
"experimental": true,
"features": {
"buildkit": true
}
}
```

- `~/.actrc`:

```text
Expand All @@ -95,3 +104,21 @@ npx mega-linter-runner \
-e GITHUB_TOKEN="$(gh auth token)" \
--remove-container
```

[dockerHub]: https://hub.docker.com/r/mauwii/ubuntu-act/ "DockerHub"
[githubRepo]: https://github.com/mauwii/act-docker-images/ "GitHub repository"
[githubFork]: https://github.com/mauwii/act-docker-images/fork/ "GitHub forks"
[githubIssues]: https://github.com/mauwii/act-docker-images/issues/ "GitHub issues"
[githubCommits]: https://github.com/mauwii/act-docker-images/commits/ "GitHub commits"
[workflowCi]: https://github.com/mauwii/act-docker-images/actions/workflows/ci.yml "ci workflow"
[workflowDhDesc]:
https://github.com/mauwii/act-docker-images/actions/workflows/dockerhub-description.yml
"DockerHub Description Workflow"
[workflowMegaLinter]:
https://github.com/mauwii/act-docker-images/actions?query=workflow%3AMegaLinter+branch%3Amain
"MegaLinter Workflow"
[nektosActRepo]: https://github.com/nektos/act "nektos/act git repository"
[catthehackerImages]:
https://github.com/catthehacker/docker_images
"catthehacker/docker_images repo"
[nektosDocs]: https://nektosact.com/beginner/index.html "nektos/act docs"