Bump Alpine to 3.19.0 and Go to 1.21.5 #15
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - v?* | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Prepare | |
| id: prep | |
| run: | | |
| # If this is a git tag, use the tag name as a docker tag | |
| if [[ $GITHUB_REF == refs/tags/v?* ]]; then | |
| registry=quay.io | |
| name="$GITHUB_REPOSITORY" | |
| tag="${GITHUB_REF#refs/tags/v}" | |
| tag="${tag//+/-}" | |
| else | |
| registry=ttl.sh | |
| name="${GITHUB_REPOSITORY//\//-}-$GITHUB_SHA-$GITHUB_RUN_ID" | |
| tag=1d | |
| fi | |
| { | |
| echo registry="$registry" | |
| echo name="$name" | |
| echo tag="$tag" | |
| } >>"$GITHUB_OUTPUT" | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| with: | |
| platforms: amd64,arm64,arm | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| - name: Build OCI image archive | |
| id: build | |
| uses: docker/[email protected] | |
| with: | |
| builder: ${{ steps.buildx.outputs.name }} | |
| platforms: linux/amd64,linux/arm64,linux/arm | |
| tags: ${{ format('{0}/{1}:{2}', steps.prep.outputs.registry, steps.prep.outputs.name, steps.prep.outputs.tag) }} | |
| outputs: type=oci,dest=oci-image.tar | |
| - name: Compress OCI image archive | |
| # Pre-compress the image archive so that the upload-artifact action | |
| # doesn't try to do it. The layers inside the tar archive are themselves | |
| # already gzip compressed, so this is not for size reduction, but solely | |
| # to prevent the very slow compression process in the upload-artifact | |
| # action. | |
| # See: https://github.com/actions/upload-artifact/issues/199 | |
| # See: https://github.com/actions/toolkit/blob/6c1f9eaae833355a0b212b66c5f2e3ac366de185/packages/artifact/src/internal/upload-gzip.ts#L11-L33 | |
| # Might be fixed when upload-artifact@v4 gets released: https://github.com/actions/toolkit/pull/1488 | |
| run: zstdmt --fast oci-image.tar | |
| - name: Upload OCI image archive | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: oci-image.tar.zst | |
| path: oci-image.tar.zst | |
| - name: Extract OCI image archive | |
| run: mkdir image && tar xf oci-image.tar.zst -C image/ | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/[email protected] | |
| with: | |
| input: image/ | |
| format: table | |
| list-all-pkgs: "true" # Flags a warning, but prints out stuff nevertheless | |
| exit-code: "1" | |
| - name: Log in to registry | |
| if: steps.prep.outputs.registry != 'ttl.sh' | |
| uses: redhat-actions/podman-login@v1 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| registry: ${{ steps.prep.outputs.registry }} | |
| - name: Upload OCI image to registry | |
| env: | |
| REGISTRY: ${{ steps.prep.outputs.registry }} | |
| NAME: ${{ steps.prep.outputs.name }} | |
| TAG: ${{ steps.prep.outputs.tag }} | |
| run: | | |
| podmanArgs=(-v "$(realpath oci-image.tar):/image.tar:ro") | |
| skopeoArgs=(--multi-arch all --preserve-digests) | |
| if [ -e "$REGISTRY_AUTH_FILE" ]; then | |
| podmanArgs+=(-v "$REGISTRY_AUTH_FILE:/auth.json:ro") | |
| skopeoArgs+=(--authfile=/auth.json) | |
| fi | |
| set -x | |
| podman run "${podmanArgs[@]}" \ | |
| docker://quay.io/skopeo/stable:v1.13.3 copy "${skopeoArgs[@]}" \ | |
| oci-archive:/image.tar "docker://$REGISTRY/$NAME:$TAG" |