Skip to content
This repository has been archived by the owner on Sep 14, 2024. It is now read-only.

saveweb Images CI

saveweb Images CI #3

Workflow file for this run

name: saveweb Images CI
on:
push:
branches:
- 'master'
paths:
- '.github/workflows/saveweb.yml'
- './lowapk-v2.Dockerfile'
schedule:
- cron: "30 1 * * *"
workflow_dispatch:
env:
REGISTRY_IMAGE: ${{ secrets.DOCKERHUB_USERNAME }}/saveweb
jobs:
lowapk-v2:
name: lowapk-v2
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
include:
- tag: saveweb:lowapk-v2-amd
dockerfile: "./lowapk-v2.Dockerfile"
platforms: linux/amd64
- tag: saveweb:lowapk-v2-arm
dockerfile: "./lowapk-v2.Dockerfile"
platforms: linux/arm64
steps:
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Build and push by digest
id: build
uses: docker/build-push-action@v6
with:
push: true
file: ${{ matrix.dockerfile }}
platforms: ${{ matrix.platforms }}
cache-from: type=gha,scope=${{ matrix.platforms }}
cache-to: type=gha,mode=max,scope=${{ matrix.platforms }}
outputs: type=image,compression=estargz,force-compression=true,oci-mediatypes=true,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
-
name: Export digest
run: |
mkdir -p /tmp/lowapk-v2-digests/
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/lowapk-v2-digests/${digest#sha256:}"
platform=${{ matrix.platforms }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
-
name: Upload digest
uses: actions/upload-artifact@v4
with:
name: lowapk-v2-digests-${{ env.PLATFORM_PAIR }}
path: /tmp/lowapk-v2-digests/*
if-no-files-found: error
retention-days: 1
lowapk-v2-multiarch:
runs-on: ubuntu-24.04
needs:
- lowapk-v2
steps:
-
name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/lowapk-v2-digests/
pattern: lowapk-v2-digests-*
merge-multiple: true
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Create manifest list and push
working-directory: /tmp/lowapk-v2-digests/
run: |
docker buildx imagetools create --tag ${{ env.REGISTRY_IMAGE }}:lowapk-v2 \
$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
-
name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:lowapk-v2 \
| grep -Po '[^ \r\n\t\v]+@sha256:[a-z0-9]+' | xargs -r -t -n 1 docker buildx imagetools inspect --raw
-
name: Run Trivy vulnerability scanner
uses: aquasecurity/[email protected]
with:
image-ref: "${{ env.REGISTRY_IMAGE }}:lowapk-v2"
format: 'table'