Skip to content

Docker

Docker #108

Workflow file for this run

###############################################################################
# _ _ _ _ _____ _
# | | | | | | | | | __ \(_)
# | | ___ | |__ _ __ | |_| |__ ___ | |__) |_ _ __ _ __ ___ _ __
# _ | |/ _ \| '_ \| '_ \ | __| '_ \ / _ \ | _ /| | '_ \| '_ \ / _ \ '__|
# | |__| | (_) | | | | | | | | |_| | | | __/ | | \ \| | |_) | |_) | __/ |
# \____/ \___/|_| |_|_| |_| \__|_| |_|\___| |_| \_\_| .__/| .__/ \___|_|
# | | | |
# |_| |_|
#
# Copyright (c) 2021-2023 Claudio André <claudioandre.br at gmail.com>
#
# This program comes with ABSOLUTELY NO WARRANTY; express or implied.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, as expressed in version 2, seen at
# http://www.gnu.org/licenses/gpl-2.0.html
###############################################################################
# Github Action to build John the Ripper's Docker image
# More info at https://github.com/openwall/john-packages
---
name: Docker Image
on:
workflow_dispatch:
inputs:
release:
description: "Is it a release build (needs a git checkout)?"
required: true
default: "false"
hash:
description: "The commit hash to be used"
required: false
#TODO: edit before release (JUMBO_RELEASE)
default: "39db7dd63e3fefb343c3dbb72eaa5c7599b6c298"
VERSION_NAME:
description: "The software version name"
required: true
default: "1.9.0-jumbo-1+" #TODO: edit before release (JUMBO_RELEASE)
tag:
description: "The image tag"
required: true
default: "latest" #TODO: edit before release (JUMBO_RELEASE) rolling
push:
description: "Push the resulting image to Docker registry?"
required: true
default: "true"
env:
REPO: ghcr.io/${{ github.repository_owner }}/john
permissions:
contents: read
jobs:
build:
name: Build Docker image
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
outputs:
image: ${{ env.REPO }}:${{ github.event.inputs.tag }}
digest: ${{ steps.build-and-push.outputs.digest }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
- name: Check out the repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Get data
id: data
run: |
#TODO: edit before release (JUMBO_RELEASE)
{
echo "now=$(date -u)"
echo "revision=$(git rev-parse --short=7 HEAD 2>/dev/null)"
echo "version=1.9.$(date +%Y%m%d)"
} >> "$GITHUB_OUTPUT"
- name: Docker meta
id: meta
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with:
images: ${{ env.REPO }}:${{ github.event.inputs.tag }}
labels: |
org.opencontainers.image.authors="Claudio André <claudioandre.br at gmail com>"
software="John the Ripper ${{ github.event.inputs.VERSION_NAME }}"
org.opencontainers.image.description="John the Ripper is an Open Source password security auditing and password recovery tool. See https://www.openwall.com/john/"
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
- name: Log in to GitHub Container Registry
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build container image
id: build-and-push
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with:
context: "${{ github.workspace }}/deploy/docker"
platforms: linux/amd64,linux/arm64
push: ${{ github.event.inputs.push }}
build-args: |
RELEASE="${{ github.event.inputs.release }}"
COMMIT="${{ github.event.inputs.hash }}"
tags: |
${{ env.REPO }}:${{ github.event.inputs.tag }}
${{ env.REPO }}:${{ github.event.inputs.tag }}_J${{ github.run_number }}
${{ env.REPO }}:${{ github.event.inputs.tag }}_${{ steps.data.outputs.version }}
labels: |
${{ steps.meta.outputs.labels }}
outputs: "type=image,name=target,\
annotation-index.software=John the Ripper ${{ github.event.inputs.VERSION_NAME }},\
annotation-index.org.opencontainers.image.authors=Claudio André <claudioandre.br at gmail com>,\
annotation-index.org.opencontainers.image.created=${{ steps.data.outputs.now }},\
annotation-index.org.opencontainers.image.description=John the Ripper is an Open Source password security auditing and password recovery tool. See https://www.openwall.com/john/,\
annotation-index.org.opencontainers.image.licenses=GPL-2.0,\
annotation-index.org.opencontainers.image.revision=${{ steps.data.outputs.revision }},\
annotation-index.org.opencontainers.image.source=https://github.com/openwall/john-packages.git,\
annotation-index.org.opencontainers.image.title=John the Ripper CE Auditing Tool,\
annotation-index.org.opencontainers.image.url=https://github.com/openwall/john-packages,\
annotation-index.org.opencontainers.image.vendor=Openwall,\
annotation-index.org.opencontainers.image.version=${{ steps.data.outputs.version }}"
provenance:
if: ${{ github.event.inputs.push == 'true' }}
needs: [build]
permissions:
actions: read # for detecting the Github Actions environment.
id-token: write # for creating OIDC tokens for signing.
packages: write # for uploading attestations.
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
image: ${{ needs.build.outputs.image }}
digest: ${{ needs.build.outputs.digest }}
registry-username: ${{ github.actor }}
secrets:
registry-password: ${{ secrets.GITHUB_TOKEN }}