-
Notifications
You must be signed in to change notification settings - Fork 18
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
maint: transfer OpenCL images to GitHub packages
Signed-off-by: Claudio André <[email protected]>
- Loading branch information
1 parent
a656a37
commit 2ed599f
Showing
1 changed file
with
17 additions
and
116 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -21,34 +21,15 @@ | |
| # More info at https://github.com/openwall/john-packages | ||
|
|
||
| --- | ||
| name: Docker | ||
| name: Movement | ||
|
|
||
| "on": | ||
| workflow_dispatch: | ||
| inputs: | ||
| type: | ||
| description: "The image must contain" | ||
| required: true | ||
| default: "ALL" | ||
| VERSION_NAME: | ||
| description: "The software version name" | ||
| required: true | ||
| default: "1.9.0-jumbo-1+" | ||
| tag: | ||
| description: "The image tag" | ||
| required: true | ||
| default: "latest" #TODO: edit before release (JUMBO_RELEASE) rolling | ||
| push: | ||
| description: "Push the resulting image to Docker registry?" | ||
| required: true | ||
| type: boolean | ||
| default: false | ||
| push: | ||
| branches: | ||
| - "docker" | ||
| - "move-image" | ||
|
|
||
| env: | ||
| REPO: ghcr.io/${{ github.repository_owner }}/john | ||
| REPO: ghcr.io/${{ github.repository_owner }}/john-ci | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
@@ -62,58 +43,7 @@ jobs: | |
| packages: write | ||
| contents: read | ||
|
|
||
| outputs: | ||
| image: ${{ env.REPO }}:${{ github.event.inputs.tag }} | ||
| digest: ${{ steps.build-and-push.outputs.digest }} | ||
|
|
||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | ||
| with: | ||
| disable-sudo: true | ||
| egress-policy: block | ||
| allowed-endpoints: > | ||
| api.github.com:443 | ||
| archive.ubuntu.com:80 | ||
| auth.docker.io:443 | ||
| developer.download.nvidia.com:443 | ||
| ghcr.io:443 | ||
| github.com:443 | ||
| ports.ubuntu.com:80 | ||
| production.cloudflare.docker.com:443 | ||
| raw.githubusercontent.com:443 | ||
| registry-1.docker.io:443 | ||
| security.ubuntu.com:80 | ||
| - name: Check out the repo | ||
| uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | ||
|
|
||
| - name: Get data | ||
| id: data | ||
| run: | | ||
| #TODO: edit before release (JUMBO_RELEASE) | ||
| { | ||
| echo "now=$(date -u)" | ||
| echo "revision=$(git rev-parse --short=7 HEAD 2>/dev/null)" | ||
| echo "version=1.9.$(date +%Y%m%d)" | ||
| } >> "$GITHUB_OUTPUT" | ||
| - name: Docker meta | ||
| id: meta | ||
| uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 | ||
| with: | ||
| images: ${{ env.REPO }}:${{ github.event.inputs.tag }} | ||
| labels: | | ||
| org.opencontainers.image.authors="Claudio André <claudioandre.br at gmail com>" | ||
| software="John the Ripper ${{ github.event.inputs.VERSION_NAME }}" | ||
| org.opencontainers.image.description="John the Ripper is an Open Source password security auditing and password recovery tool. See https://www.openwall.com/john/" | ||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 | ||
|
|
||
| - name: Log in to GitHub Container Registry | ||
| uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 | ||
| with: | ||
|
|
@@ -122,46 +52,17 @@ jobs: | |
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Build container image | ||
| id: build-and-push | ||
| uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 | ||
| with: | ||
| context: "${{ github.workspace }}/deploy/docker" | ||
| platforms: linux/amd64,linux/arm64 | ||
| push: ${{ | ||
| (github.event.inputs.push || false) | ||
| }} | ||
| build-args: | | ||
| TYPE="${{ github.event.inputs.type }}" | ||
| tags: | | ||
| ${{ env.REPO }}:${{ github.event.inputs.tag || 'test' }} | ||
| ${{ env.REPO }}:${{ github.event.inputs.tag }}_J${{ github.run_number }} | ||
| ${{ env.REPO }}:${{ github.event.inputs.tag }}_${{ steps.data.outputs.version }} | ||
| labels: | | ||
| ${{ steps.meta.outputs.labels }} | ||
| outputs: "type=image,name=target,\ | ||
| annotation-index.software=John the Ripper ${{ github.event.inputs.VERSION_NAME }},\ | ||
| annotation-index.org.opencontainers.image.authors=Claudio André <claudioandre.br at gmail com>,\ | ||
| annotation-index.org.opencontainers.image.created=${{ steps.data.outputs.now }},\ | ||
| annotation-index.org.opencontainers.image.description=John the Ripper is an Open Source password security auditing and password recovery tool. See https://www.openwall.com/john/,\ | ||
| annotation-index.org.opencontainers.image.licenses=GPL-2.0,\ | ||
| annotation-index.org.opencontainers.image.revision=${{ steps.data.outputs.revision }},\ | ||
| annotation-index.org.opencontainers.image.source=https://github.com/openwall/john-packages.git,\ | ||
| annotation-index.org.opencontainers.image.title=John the Ripper CE Auditing Tool,\ | ||
| annotation-index.org.opencontainers.image.url=https://www.openwall.com/john,\ | ||
| annotation-index.org.opencontainers.image.vendor=Openwall,\ | ||
| annotation-index.org.opencontainers.image.version=${{ steps.data.outputs.version }}" | ||
|
|
||
| provenance: | ||
| if: ${{ github.event.inputs.push == 'true' }} | ||
| needs: [build] | ||
| permissions: | ||
| actions: read # for detecting the GitHub Actions environment. | ||
| id-token: write # for creating OIDC tokens for signing. | ||
| packages: write # for uploading attestations. | ||
| uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | ||
| with: | ||
| image: ${{ needs.build.outputs.image }} | ||
| digest: ${{ needs.build.outputs.digest }} | ||
| registry-username: ${{ github.actor }} | ||
| secrets: | ||
| registry-password: ${{ secrets.GITHUB_TOKEN }} | ||
| id: get-and-push | ||
| run: | | ||
| ls -la | ||
| docker pull claudioandre/john:opencl | ||
| docker pull claudioandre/john:opencl18 | ||
| # ghcr.io/openwall/john-ci:opencl | ||
| # ghcr.io/openwall/john-ci:opencl18 | ||
| docker tag claudioandre/john:opencl ghcr.io/openwall/john-ci:opencl | ||
| docker tag claudioandre/john:opencl18 ghcr.io/openwall/john-ci:opencl18 | ||
| docker images | ||
| # docker push ghcr.io/openwall/john-ci:opencl | ||
| # docker push ghcr.io/openwall/john-ci:opencl18 | ||
2ed599fThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@check-spelling-bot Report
🔴 Please review
See the 📜action log or 📝 job summary for details.
Unrecognized words (2)
sonarlint
sonarsource
Previously acknowledged words that are now absent
archs cloudflare Keplr pdf slsa virusscan 🫥To accept these unrecognized words as correct and remove the previously acknowledged and now absent words, you could run the following commands
... in a clone of the [email protected]:openwall/john-packages.git repository
on the
move-imagebranch (ℹ️ how do I use this?):Available 📚 dictionaries could cover words (expected and unrecognized) not in the 📘 dictionary
This includes both expected items (224) from .github/actions/spelling/expect.txt and unrecognized words (2)
Consider adding them (in
.github/workflows/spelling.yml) foruses: check-spelling/check-spelling@26b46adbdebd5dd0b34c7155113d50c40f43fb22in itswith:To stop checking additional dictionaries, add (in
.github/workflows/spelling.yml) foruses: check-spelling/check-spelling@26b46adbdebd5dd0b34c7155113d50c40f43fb22in itswith: