Bump to 0.218.21 #125
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ================================================================================================= | |
| name: "Server" | |
| # ================================================================================================= | |
| on: | |
| workflow_dispatch: {} | |
| pull_request: | |
| paths: | |
| - .github/workflows/cd-server.yml | |
| - images/vanilla/**/* | |
| - images/vanilla/* | |
| push: | |
| branches: | |
| - develop | |
| - stable | |
| paths: | |
| - .github/workflows/cd-server.yml | |
| - images/vanilla/**/* | |
| - images/vanilla/* | |
| # ================================================================================================= | |
| env: | |
| image_name: "adaliszk/valheim-server" | |
| # ================================================================================================= | |
| jobs: | |
| # | |
| # STAGE: LINT | |
| # | |
| lint: | |
| runs-on: ubuntu-latest | |
| name: "Lint" | |
| steps: | |
| - | |
| name: "Checkout" | |
| uses: actions/checkout@v2 | |
| - | |
| name: "Shellcheck" | |
| uses: ludeeus/action-shellcheck@master | |
| with: | |
| scandir: "./images/vanilla" | |
| - | |
| name: "Hadolint" | |
| uses: brpaz/[email protected] | |
| with: | |
| dockerfile: "./images/vanilla/Dockerfile" | |
| # | |
| # STAGE: BUILD | |
| # | |
| build: | |
| name: "Build" | |
| runs-on: ubuntu-latest | |
| needs: [ "lint" ] | |
| steps: | |
| - | |
| name: "Checkout" | |
| uses: actions/checkout@v2 | |
| - | |
| name: "Get the tag from Dockertag" | |
| run: | | |
| cat ./images/vanilla/Dockertag > vanilla.tags | |
| - | |
| name: "Resolve Cache Hash" | |
| env: | |
| hash_path: "./images/vanilla" | |
| run: | | |
| IMAGE_TAG=${{ hashFiles( env.hash_path ) }} | |
| echo "${IMAGE_TAG}" > vanilla.hash | |
| echo "image_tag=${IMAGE_TAG}" >> $GITHUB_ENV | |
| - | |
| id: docker-cache | |
| name: "Use Docker Cache" | |
| uses: actions/cache@v2 | |
| env: | |
| hash_path: "./images/vanilla" | |
| with: | |
| key: cd-server-${{ matrix.tag }}-${{ env.image_tag }} | |
| path: | | |
| vanilla.* | |
| - | |
| if: steps.docker-cache.outputs.cache-hit == 'true' | |
| name: "Load the saved Image" | |
| run: | | |
| docker load < vanilla.tar.gz | |
| - | |
| if: steps.docker-cache.outputs.cache-hit != 'true' | |
| name: "Build :vanilla" | |
| run: | | |
| docker build -t ${{ env.image_name }}:${{ env.image_tag }} ./images/vanilla | |
| docker save ${{ env.image_name }}:${{ env.image_tag }} > vanilla.tar.gz | |
| - | |
| name: "Tag for the Security Scan" | |
| run: | | |
| docker tag ${{ env.image_name }}:${{ env.image_tag }} ${{ env.image_name }}:vanilla | |
| - | |
| name: "Run Trivy vulnerability scanner" | |
| uses: aquasecurity/trivy-action@master | |
| env: | |
| source_image: "${{ env.image_name }}:vanilla" | |
| with: | |
| image-ref: '${{ env.source_image }}' | |
| format: 'template' | |
| template: '@/contrib/sarif.tpl' | |
| output: 'trivy-results.sarif' | |
| severity: 'CRITICAL,HIGH' | |
| - | |
| name: "Upload Trivy scan results to GitHub Security tab" | |
| uses: github/codeql-action/upload-sarif@v1 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| # | |
| # PUSH STAGE | |
| # | |
| push: | |
| name: "Push" | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/stable' | |
| needs: [ "build" ] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| registry: [ "docker.io", "quay.io", "ghcr.io" ] | |
| include: | |
| - | |
| registry: "docker.io" | |
| registry_username: "DOCKERHUB_USERNAME" | |
| registry_password: "DOCKERHUB_TOKEN" | |
| registry_url: "" | |
| image_prefix: "" | |
| image_suffix: "" | |
| - | |
| registry: "quay.io" | |
| registry_username: "QUAY_USERNAME" | |
| registry_password: "QUAY_TOKEN" | |
| registry_url: "quay.io" | |
| image_prefix: "quay.io/" | |
| image_suffix: "" | |
| - | |
| registry: "ghcr.io" | |
| registry_username: "GHCR_USERNAME" | |
| registry_password: "GHCR_PASSWORD" | |
| registry_url: "ghcr.io" | |
| image_prefix: "ghcr.io/" | |
| image_suffix: "" | |
| steps: | |
| - | |
| name: "Checkout" | |
| uses: actions/checkout@v2 | |
| - | |
| name: "Resolve Cache Hash" | |
| env: | |
| hash_path: "./images/vanilla" | |
| run: | | |
| IMAGE_TAG=${{ hashFiles( env.hash_path ) }} | |
| echo "${IMAGE_TAG}" > vanilla.hash | |
| echo "image_tag=${IMAGE_TAG}" >> $GITHUB_ENV | |
| - | |
| id: docker-cache | |
| name: "Use Docker Cache" | |
| uses: actions/cache@v2 | |
| env: | |
| hash_path: "./images/vanilla" | |
| with: | |
| key: cd-server-${{ matrix.tag }}-${{ env.image_tag }} | |
| path: | | |
| vanilla.* | |
| - | |
| name: "Load the saved Image" | |
| run: | | |
| docker load < vanilla.tar.gz | |
| - | |
| name: "Login to ${{ matrix.registry }}" | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ${{ matrix.registry_url }} | |
| username: ${{ secrets[matrix.registry_username] }} | |
| password: ${{ secrets[matrix.registry_password] }} | |
| - | |
| if: github.ref == 'refs/heads/develop' | |
| name: "Push ${{ matrix.registry_name }} :vanilla" | |
| continue-on-error: true | |
| env: | |
| source_image: "${{ env.image_name }}:${{ env.image_tag }}" | |
| target_image: "${{ matrix.image_prefix }}${{ env.image_name }}${{ matrix.image_suffix }}:vanilla" | |
| run: | | |
| docker tag ${{ env.source_image }} ${{ env.target_image }} | |
| docker push ${{ env.target_image }} | |
| - | |
| #if: github.ref == 'refs/heads/stable' | |
| name: "Push ${{ matrix.registry_name }}" | |
| continue-on-error: true | |
| env: | |
| source_image: "${{ env.image_name }}:${{ env.image_tag }}" | |
| target_image: "${{ matrix.image_prefix }}${{ env.image_name }}${{ matrix.image_suffix }}" | |
| run: | | |
| cat vanilla.tags | tr \\n \\0 | xargs -0 -I '###' -n1 docker tag ${{ env.source_image }} ${{ env.target_image }}:### | |
| cat vanilla.tags | tr \\n \\0 | xargs -0 -I '###' -n1 docker push ${{ env.target_image }}:### |