# This action builds and pushes the TLS-Anvil and ReportAnalyzer Docker images when:
# - a tag is pushed. This builds and pushes a Docker image with the name of the pushed tag and also creates a draft release.
# - a new commit is pushed to the main branch. The tag of the Docker image is set to 'latest'
# - a pull request to the main branch is created. The image is only built to check if everything compiles.
# This image is not pushed to the ghcr.io repository!
#
# NOTE: Both jobs are copy pasted (GitHub does not support yaml anchors...).
# So if you change something in one job, check the other job as well...
#
# The docker images are only pushed for events on the public repository.
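name: Build & Push Docker images

# Runs on pushes to main and on version tags (v*).
# NOTE(review): the header comment above also describes a build-only run for
# pull requests to main, but no pull_request trigger is configured here.
on:
  push:
    branches:
      - main
    tags:
      - 'v*'

env:
  # 'true' only for tag refs. Anchored with startsWith so that a ref that merely
  # contains the substring 'refs/tag' is never treated as a release.
  IS_RELEASE: ${{ startsWith(github.ref, 'refs/tags/') }}
  # Images are pushed only for push events on the upstream repository, so a
  # fork builds the images but never publishes them.
  SHOULD_PUSH: ${{ github.event_name == 'push' && github.repository == 'tls-attacker/TLS-Anvil' }}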
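jobs:
  # NOTE(review): every action in this workflow is referenced by a mutable tag
  # (@v2, @v3). These jobs hold a token that can write packages or releases, so
  # pinning each action to a full commit SHA keeps a retagged upstream release
  # from changing what runs here.

  # Builds the TLS-Anvil image for amd64 and arm64; pushes it when SHOULD_PUSH
  # is true.
  tlsanvil:
    name: TLS-Anvil
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: read the repository, write to GHCR.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          submodules: recursive
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to GHCR
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # Release builds are tagged with the pushed git tag, all others 'latest'.
      - name: Determine tag
        run: |
          if [[ $IS_RELEASE == 'true' ]]; then
            echo "DOCKER_TAG=$GITHUB_REF_NAME" >> "$GITHUB_ENV"
          else
            echo "DOCKER_TAG=latest" >> "$GITHUB_ENV"
          fi
      - name: Build and Push Docker image
        uses: docker/build-push-action@v3
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          # SHOULD_PUSH is a string in env; fromJSON turns it into a boolean.
          push: ${{ fromJSON(env.SHOULD_PUSH) }}
          tags: 'ghcr.io/tls-attacker/tlsanvil:${{ env.DOCKER_TAG }}'

  # Same pipeline as tlsanvil, for the Report-Analyzer build context.
  reportAnalyzer:
    name: Report Analyzer
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: read the repository, write to GHCR.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          submodules: recursive
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to GHCR
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # Release builds are tagged with the pushed git tag, all others 'latest'.
      - name: Determine tag
        run: |
          if [[ $IS_RELEASE == 'true' ]]; then
            echo "DOCKER_TAG=$GITHUB_REF_NAME" >> "$GITHUB_ENV"
          else
            echo "DOCKER_TAG=latest" >> "$GITHUB_ENV"
          fi
      - name: Build and Push Docker image
        uses: docker/build-push-action@v3
        with:
          context: ./Report-Analyzer
          push: ${{ fromJSON(env.SHOULD_PUSH) }}
          tags: 'ghcr.io/tls-attacker/tlsanvil-reportanalyzer:${{ env.DOCKER_TAG }}'

  # Same pipeline as tlsanvil, for the result-uploader build context.
  uploader:
    name: Report Uploader
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: read the repository, write to GHCR.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          submodules: recursive
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to GHCR
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # Release builds are tagged with the pushed git tag, all others 'latest'.
      - name: Determine tag
        run: |
          if [[ $IS_RELEASE == 'true' ]]; then
            echo "DOCKER_TAG=$GITHUB_REF_NAME" >> "$GITHUB_ENV"
          else
            echo "DOCKER_TAG=latest" >> "$GITHUB_ENV"
          fi
      - name: Build and Push Docker image
        uses: docker/build-push-action@v3
        with:
          context: ./Report-Analyzer/src/backend/uploader
          push: ${{ fromJSON(env.SHOULD_PUSH) }}
          tags: 'ghcr.io/tls-attacker/tlsanvil-result-uploader:${{ env.DOCKER_TAG }}'

  # Creates a draft GitHub release containing /apps/ from the released image.
  # The release conditions sit on the steps, so for a non-release push the job
  # starts but both steps are skipped.
  createRelease:
    name: Create release
    runs-on: ubuntu-latest
    needs: tlsanvil
    # Creating a release needs write access to repository contents. This job
    # has no registry login, so the image pull below is anonymous.
    permissions:
      contents: write
    steps:
      # NOTE(review): the image is pulled again by tag. Passing the digest
      # output of the tlsanvil build step into this job would tie the release
      # artifact to the exact image that was just built.
      - name: Get Artifacts from Docker image
        if: env.IS_RELEASE == 'true' && env.SHOULD_PUSH == 'true'
        run: |
          id=$(docker create "ghcr.io/tls-attacker/tlsanvil:$GITHUB_REF_NAME")
          docker cp "$id:/apps/" - > TLS-Anvil.jar.tar
          docker rm -v "$id"
      - name: GH Release
        # NOTE(review): the source page's e-mail obfuscation replaced this
        # reference with 'softprops/[email protected]'. The action name below is
        # inferred from the step's inputs and the version is a placeholder;
        # restore the real tag or, better, a full commit SHA before use.
        uses: softprops/action-gh-release@VERSION_PLACEHOLDER
        if: env.IS_RELEASE == 'true' && env.SHOULD_PUSH == 'true'
        with:
          files: TLS-Anvil.jar.tar
          generate_release_notes: true
          draft: true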