diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 47ad03c1..acf37781 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -21,34 +21,15 @@ # More info at https://github.com/openwall/john-packages --- -name: Docker +name: Movement "on": - workflow_dispatch: - inputs: - type: - description: "The image must contain" - required: true - default: "ALL" - VERSION_NAME: - description: "The software version name" - required: true - default: "1.9.0-jumbo-1+" - tag: - description: "The image tag" - required: true - default: "latest" #TODO: edit before release (JUMBO_RELEASE) rolling - push: - description: "Push the resulting image to Docker registry?" - required: true - type: boolean - default: false push: branches: - - "docker" + - "move-image" env: - REPO: ghcr.io/${{ github.repository_owner }}/john + REPO: ghcr.io/${{ github.repository_owner }}/john-ci permissions: contents: read @@ -62,58 +43,7 @@ jobs: packages: write contents: read - outputs: - image: ${{ env.REPO }}:${{ github.event.inputs.tag }} - digest: ${{ steps.build-and-push.outputs.digest }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - disable-sudo: true - egress-policy: block - allowed-endpoints: > - api.github.com:443 - archive.ubuntu.com:80 - auth.docker.io:443 - developer.download.nvidia.com:443 - ghcr.io:443 - github.com:443 - ports.ubuntu.com:80 - production.cloudflare.docker.com:443 - raw.githubusercontent.com:443 - registry-1.docker.io:443 - security.ubuntu.com:80 - - - name: Check out the repo - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - - name: Get data - id: data - run: | - #TODO: edit before release (JUMBO_RELEASE) - { - echo "now=$(date -u)" - echo "revision=$(git rev-parse --short=7 HEAD 2>/dev/null)" - echo "version=1.9.$(date +%Y%m%d)" - } >> "$GITHUB_OUTPUT" - - - name: Docker meta - id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 - with: - images: ${{ env.REPO }}:${{ github.event.inputs.tag }} - labels: | - org.opencontainers.image.authors="Claudio André " - software="John the Ripper ${{ github.event.inputs.VERSION_NAME }}" - org.opencontainers.image.description="John the Ripper is an Open Source password security auditing and password recovery tool. See https://www.openwall.com/john/" - - - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - - name: Log in to GitHub Container Registry uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 with: @@ -122,46 +52,17 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build container image - id: build-and-push - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 - with: - context: "${{ github.workspace }}/deploy/docker" - platforms: linux/amd64,linux/arm64 - push: ${{ - (github.event.inputs.push || false) - }} - build-args: | - TYPE="${{ github.event.inputs.type }}" - tags: | - ${{ env.REPO }}:${{ github.event.inputs.tag || 'test' }} - ${{ env.REPO }}:${{ github.event.inputs.tag }}_J${{ github.run_number }} - ${{ env.REPO }}:${{ github.event.inputs.tag }}_${{ steps.data.outputs.version }} - labels: | - ${{ steps.meta.outputs.labels }} - outputs: "type=image,name=target,\ - annotation-index.software=John the Ripper ${{ github.event.inputs.VERSION_NAME }},\ - annotation-index.org.opencontainers.image.authors=Claudio André ,\ - annotation-index.org.opencontainers.image.created=${{ steps.data.outputs.now }},\ - annotation-index.org.opencontainers.image.description=John the Ripper is an Open Source password security auditing and password recovery tool. See https://www.openwall.com/john/,\ - annotation-index.org.opencontainers.image.licenses=GPL-2.0,\ - annotation-index.org.opencontainers.image.revision=${{ steps.data.outputs.revision }},\ - annotation-index.org.opencontainers.image.source=https://github.com/openwall/john-packages.git,\ - annotation-index.org.opencontainers.image.title=John the Ripper CE Auditing Tool,\ - annotation-index.org.opencontainers.image.url=https://www.openwall.com/john,\ - annotation-index.org.opencontainers.image.vendor=Openwall,\ - annotation-index.org.opencontainers.image.version=${{ steps.data.outputs.version }}" - - provenance: - if: ${{ github.event.inputs.push == 'true' }} - needs: [build] - permissions: - actions: read # for detecting the GitHub Actions environment. - id-token: write # for creating OIDC tokens for signing. - packages: write # for uploading attestations. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0 - with: - image: ${{ needs.build.outputs.image }} - digest: ${{ needs.build.outputs.digest }} - registry-username: ${{ github.actor }} - secrets: - registry-password: ${{ secrets.GITHUB_TOKEN }} + id: get-and-push + run: | + ls -la + docker pull claudioandre/john:opencl + docker pull claudioandre/john:opencl18 + + # ghcr.io/openwall/john-ci:opencl + # ghcr.io/openwall/john-ci:opencl18 + + docker tag claudioandre/john:opencl ghcr.io/openwall/john-ci:opencl + docker tag claudioandre/john:opencl18 ghcr.io/openwall/john-ci:opencl18 + docker images + # docker push ghcr.io/openwall/john-ci:opencl + # docker push ghcr.io/openwall/john-ci:opencl18