Use docker/metadata-action in deploy-DEV-linters workflow

.github/workflows/deploy-DEV-linters.yml

@@ -32,33 +32,16 @@ concurrency:
 
 jobs:
 
-  prepare:
-    name: Prepare matrix
-    runs-on: ubuntu-latest
-    outputs:
-      tag: ${{ steps.image_tag.outputs.tag }}
-    steps:
-
-    - name: Build image tag name
-      id: image_tag
-      run: |
-        BRANCH_NAME="${GITHUB_REF##*/}"
-        TAG="test-${{ github.actor }}-${BRANCH_NAME}"
-        echo "Tag name: ${TAG}"
-        echo "tag=${TAG}" >>"$GITHUB_OUTPUT"
-
   build:
     # Name the Job
-    name: Deploy Docker Image - DEV - Linters
-    needs: prepare
+    name: DEV/Linters
     # Set the agent to run on
-    runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-latest
     permissions: read-all
     strategy:
       fail-fast: false
-      max-parallel: 10
+      max-parallel: 14
       matrix:
-        os: [ubuntu-latest]
         # linters-start
         linter:
           [
@@ -182,6 +165,7 @@ jobs:
             "yaml_v8r",
           ]
 # linters-end
+        platform: ['linux/amd64']
     # Only run this on the main repo
     if: |
         (
@@ -194,35 +178,44 @@ jobs:
     # Load all steps #
     ##################
     steps:
+      - name: Collect Workflow Telemetry
+        uses: runforesight/workflow-telemetry-action@v1
+        with:
+          comment_on_pr: false
 
       - name: Checkout Code
         uses: actions/checkout@v4
+
+      - name: Docker Metadata action
+        uses: docker/metadata-action@v5.0.0
+        id: meta
+        with:
+          images: |
+            ${{ github.repository }}-only-${{ matrix.linter }}
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
+        if: ${{ ( ( runner.arch != 'X64' || runner.os != 'Linux' ) && matrix.platform == 'linux/amd64' ) || matrix.platform != 'linux/amd64' }}
+
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Get current date
-        run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV}
-
       - name: Build Image
         uses: docker/build-push-action@v5
         with:
           context: .
           file: linters/${{ matrix.linter }}/Dockerfile
-          platforms: linux/amd64
+          platforms: ${{ matrix.platform }}
           build-args: |
-            BUILD_DATE=${{ env.BUILD_DATE }}
-            BUILD_REVISION=${{ github.sha }}
-            BUILD_VERSION=${{ needs.prepare.outputs.tag }}
+            BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
+            BUILD_VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
+            BUILD_REVISION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
           load: true
           push: false
           secrets: |
             GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
-          tags: |
-            oxsecurity/megalinter-only-${{ matrix.linter }}:${{ needs.prepare.outputs.tag }}
+          tags: ${{ steps.meta.outputs.tags }}
 
       #####################################
       # Run Linter test cases #
@@ -236,7 +229,7 @@ jobs:
           TEST_KEYWORDS_TO_USE_UPPER="${{ matrix.linter }}"
           TEST_KEYWORDS_TO_USE="${TEST_KEYWORDS_TO_USE_UPPER,,}"
           docker image ls
-          docker run -e TEST_CASE_RUN=true -e OUTPUT_FORMAT=text -e OUTPUT_FOLDER=${{ github.sha }} -e OUTPUT_DETAIL=detailed -e GITHUB_SHA=${{ github.sha }} -e GITHUB_REPOSITORY=${GITHUB_REPOSITORY} -e GITHUB_BRANCH=${GITHUB_BRANCH} -e GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}" -e TEST_KEYWORDS="${TEST_KEYWORDS_TO_USE}" -e MEGALINTER_VOLUME_ROOT="${GITHUB_WORKSPACE}" -v "/var/run/docker.sock:/var/run/docker.sock:rw" -v ${GITHUB_WORKSPACE}:/tmp/lint oxsecurity/megalinter-only-${{ matrix.linter }}:${{ needs.prepare.outputs.tag }}
+          docker run -e TEST_CASE_RUN=true -e OUTPUT_FORMAT=text -e OUTPUT_FOLDER=${{ github.sha }} -e OUTPUT_DETAIL=detailed -e GITHUB_SHA=${{ github.sha }} -e GITHUB_REPOSITORY=${GITHUB_REPOSITORY} -e GITHUB_BRANCH=${GITHUB_BRANCH} -e GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}" -e TEST_KEYWORDS="${TEST_KEYWORDS_TO_USE}" -e MEGALINTER_VOLUME_ROOT="${GITHUB_WORKSPACE}" -v "/var/run/docker.sock:/var/run/docker.sock:rw" -v ${GITHUB_WORKSPACE}:/tmp/lint ${{ fromJson(steps.meta.outputs.json).tags[0]}}
         timeout-minutes: 30
 
       ##############################################
@@ -245,11 +238,12 @@ jobs:
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: 'docker.io/oxsecurity/megalinter-only-${{ matrix.linter }}:${{ needs.prepare.outputs.tag }}'
+          image-ref: 'docker.io/${{ fromJson(steps.meta.outputs.json).tags[0] }}'
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true
           scanners: vuln
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
           timeout: 10m0s
+

CHANGELOG.md

@@ -20,6 +20,7 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
 
 - CI
   - Upgrade pymdown-extensions and markdown, by @BryanQuigley in [#3053](https://github.com/oxsecurity/megalinter/pull/3053)
+  - Use docker/metadata-action for some internal CI, by @echoix in [#3110](https://github.com/oxsecurity/megalinter/pull/3110)
 
 - Linter versions upgrades
   - [protolint](https://github.com/yoheimuta/protolint) from 0.46.2 to **0.46.3** on 2023-10-29

Dockerfile

@@ -39,7 +39,7 @@ FROM checkmarx/kics:alpine as kics
 FROM trufflesecurity/trufflehog:latest as trufflehog
 FROM jdkato/vale:latest as vale
 FROM lycheeverse/lychee:latest-alpine as lychee
-FROM ghcr.io/terraform-linters/tflint:v0.48.0 as tflint
+FROM ghcr.io/terraform-linters/tflint:v0.49.0 as tflint
 FROM tenable/terrascan:1.18.3 as terrascan
 FROM alpine/terragrunt:latest as terragrunt
 # Next FROM line commented because already managed by another linter