build(deps): Bump docker/buildx-bin from 0.13.1 to 0.14.0 in /ci-builder #1646
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker Build | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| schedule: | |
| - cron: '42 2 * * 2' | |
| jobs: | |
| docker-build-ci-builder: | |
| name: docker build ci-builder | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3.0.0 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3.3.0 | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/ci-builder:${{ github.sha }} --load ci-builder/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/ci-builder:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/ci-builder:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| # exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| # The SARIF format ignores severity and uploads all vulnerabilities for | |
| # later triage. The table-format step above is used to fail the build if | |
| # there are any critical or high vulnerabilities. | |
| # See https://github.com/aquasecurity/trivy-action/issues/95 | |
| # severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/ci-builder:${{ github.sha }} --push ci-builder/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/ci-builder:${{ github.sha }} --push ci-builder/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/ci-builder:latest \ | |
| ghcr.io/hairyhenderson/ci-builder:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/ci-builder:latest \ | |
| hairyhenderson/ci-builder:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-dockerfiles-builder: | |
| name: docker build dockerfiles-builder | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3.0.0 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3.3.0 | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/dockerfiles-builder:${{ github.sha }} --load dockerfiles-builder/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/dockerfiles-builder:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/dockerfiles-builder:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| # exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| # The SARIF format ignores severity and uploads all vulnerabilities for | |
| # later triage. The table-format step above is used to fail the build if | |
| # there are any critical or high vulnerabilities. | |
| # See https://github.com/aquasecurity/trivy-action/issues/95 | |
| # severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/dockerfiles-builder:${{ github.sha }} --push dockerfiles-builder/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/dockerfiles-builder:${{ github.sha }} --push dockerfiles-builder/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/dockerfiles-builder:latest \ | |
| ghcr.io/hairyhenderson/dockerfiles-builder:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/dockerfiles-builder:latest \ | |
| hairyhenderson/dockerfiles-builder:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-figlet: | |
| name: docker build figlet | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3.0.0 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3.3.0 | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/figlet:${{ github.sha }} --load figlet/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/figlet:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/figlet:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| # exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| # The SARIF format ignores severity and uploads all vulnerabilities for | |
| # later triage. The table-format step above is used to fail the build if | |
| # there are any critical or high vulnerabilities. | |
| # See https://github.com/aquasecurity/trivy-action/issues/95 | |
| # severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/figlet:${{ github.sha }} --push figlet/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/figlet:${{ github.sha }} --push figlet/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/figlet:latest \ | |
| ghcr.io/hairyhenderson/figlet:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/figlet:latest \ | |
| hairyhenderson/figlet:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-golang-air: | |
| name: docker build golang-air | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3.0.0 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3.3.0 | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/golang-air:${{ github.sha }} --load golang-air/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/golang-air:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/golang-air:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| # exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| # The SARIF format ignores severity and uploads all vulnerabilities for | |
| # later triage. The table-format step above is used to fail the build if | |
| # there are any critical or high vulnerabilities. | |
| # See https://github.com/aquasecurity/trivy-action/issues/95 | |
| # severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/golang-air:${{ github.sha }} --push golang-air/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/golang-air:${{ github.sha }} --push golang-air/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/golang-air:latest \ | |
| ghcr.io/hairyhenderson/golang-air:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/golang-air:latest \ | |
| hairyhenderson/golang-air:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-gomplate-ci-build: | |
| name: docker build gomplate-ci-build | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3.0.0 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3.3.0 | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --build-arg GO_VERSION=1.20 --tag ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }} --load gomplate-ci-build/ | |
| docker buildx build --build-arg GO_VERSION=1.19 --tag ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }} --load gomplate-ci-build/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| # exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| # The SARIF format ignores severity and uploads all vulnerabilities for | |
| # later triage. The table-format step above is used to fail the build if | |
| # there are any critical or high vulnerabilities. | |
| # See https://github.com/aquasecurity/trivy-action/issues/95 | |
| # severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64 | |
| docker buildx build --build-arg GO_VERSION=1.20 \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }} --push gomplate-ci-build/ | |
| docker buildx build --build-arg GO_VERSION=1.20 \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/gomplate-ci-build:${{ github.sha }} --push gomplate-ci-build/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/gomplate-ci-build:1.20 \ | |
| ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/gomplate-ci-build:1.20 \ | |
| hairyhenderson/gomplate-ci-build:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/gomplate-ci-build:latest \ | |
| ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/gomplate-ci-build:latest \ | |
| hairyhenderson/gomplate-ci-build:${{ github.sha }} | |
| docker buildx build --build-arg GO_VERSION=1.19 \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }} --push gomplate-ci-build/ | |
| docker buildx build --build-arg GO_VERSION=1.19 \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/gomplate-ci-build:${{ github.sha }} --push gomplate-ci-build/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/gomplate-ci-build:1.19 \ | |
| ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/gomplate-ci-build:1.19 \ | |
| hairyhenderson/gomplate-ci-build:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-jwt: | |
| name: docker build jwt | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3.0.0 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3.3.0 | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/jwt:${{ github.sha }} --load jwt/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/jwt:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/jwt:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| # exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| # The SARIF format ignores severity and uploads all vulnerabilities for | |
| # later triage. The table-format step above is used to fail the build if | |
| # there are any critical or high vulnerabilities. | |
| # See https://github.com/aquasecurity/trivy-action/issues/95 | |
| # severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/jwt:${{ github.sha }} --push jwt/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/jwt:${{ github.sha }} --push jwt/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/jwt:latest \ | |
| ghcr.io/hairyhenderson/jwt:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/jwt:latest \ | |
| hairyhenderson/jwt:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-man: | |
| name: docker build man | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3.0.0 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3.3.0 | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/man:${{ github.sha }} --load man/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/man:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/man:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| # exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| # The SARIF format ignores severity and uploads all vulnerabilities for | |
| # later triage. The table-format step above is used to fail the build if | |
| # there are any critical or high vulnerabilities. | |
| # See https://github.com/aquasecurity/trivy-action/issues/95 | |
| # severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/man:${{ github.sha }} --push man/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/man:${{ github.sha }} --push man/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/man:latest \ | |
| ghcr.io/hairyhenderson/man:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/man:latest \ | |
| hairyhenderson/man:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-sed: | |
| name: docker build sed | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3.0.0 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3.3.0 | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/sed:${{ github.sha }} --load sed/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/sed:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/sed:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| # exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| # The SARIF format ignores severity and uploads all vulnerabilities for | |
| # later triage. The table-format step above is used to fail the build if | |
| # there are any critical or high vulnerabilities. | |
| # See https://github.com/aquasecurity/trivy-action/issues/95 | |
| # severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/sed:${{ github.sha }} --push sed/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/sed:${{ github.sha }} --push sed/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/sed:latest \ | |
| ghcr.io/hairyhenderson/sed:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/sed:latest \ | |
| hairyhenderson/sed:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-socat: | |
| name: docker build socat | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3.0.0 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3.3.0 | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/socat:${{ github.sha }} --load socat/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/socat:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/socat:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| # exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| # The SARIF format ignores severity and uploads all vulnerabilities for | |
| # later triage. The table-format step above is used to fail the build if | |
| # there are any critical or high vulnerabilities. | |
| # See https://github.com/aquasecurity/trivy-action/issues/95 | |
| # severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/socat:${{ github.sha }} --push socat/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/socat:${{ github.sha }} --push socat/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/socat:latest \ | |
| ghcr.io/hairyhenderson/socat:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/socat:latest \ | |
| hairyhenderson/socat:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-ssh: | |
| name: docker build ssh | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3.0.0 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3.3.0 | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/ssh:${{ github.sha }} --load ssh/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Run Trivy vulnerability scanner (table output) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/ssh:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'ghcr.io/hairyhenderson/ssh:${{ github.sha }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| # exit-code: 1 | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| # The SARIF format ignores severity and uploads all vulnerabilities for | |
| # later triage. The table-format step above is used to fail the build if | |
| # there are any critical or high vulnerabilities. | |
| # See https://github.com/aquasecurity/trivy-action/issues/95 | |
| # severity: 'CRITICAL,HIGH' | |
| trivyignores: .trivyignore | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3.1.0 | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/ssh:${{ github.sha }} --push ssh/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/ssh:${{ github.sha }} --push ssh/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/ssh:latest \ | |
| ghcr.io/hairyhenderson/ssh:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/ssh:latest \ | |
| hairyhenderson/ssh:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' |