Skip to content
Build and publish container image

Add expiration date check for ignoring vulnerabilities #290

Sign in to view logs

Add expiration date check for ignoring vulnerabilities

Add expiration date check for ignoring vulnerabilities #290

Workflow file for this run

.github/workflows/publish.yml at 5cdfb9d
name: Build and publish container image
on:
push:
env:
TAG_NAME: octovy:${{ github.sha }}
GITHUB_IMAGE_REPO: ghcr.io/${{ github.repository_owner }}/octovy
GITHUB_IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/octovy:${{ github.sha }}
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Go Build Cache for Docker
uses: actions/cache@v3
with:
path: go-build-cache
key: ${{ runner.os }}-go-build-cache-${{ hashFiles('go.sum') }}
- name: inject go-build-cache into docker
# v1 was composed of two actions: "inject" and "extract".
# v2 is unified to a single action.
uses: reproducible-containers/[email protected]
with:
cache-source: go-build-cache
- name: Set up Docker buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
- name: Login to GitHub Container Registry
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Get the tag or commit id
id: version
run: |
if [[ $GITHUB_REF == refs/tags/* ]]; then
# If a tag is present, strip the 'refs/tags/' prefix
TAG_OR_COMMIT=$(echo $GITHUB_REF | sed 's/refs\/tags\///')
echo "This is a tag: $TAG_OR_COMMIT"
else
# If no tag is present, use the commit SHA
TAG_OR_COMMIT=$(echo $GITHUB_SHA)
echo "This is a commit SHA: $TAG_OR_COMMIT"
fi
# Set the variable for use in other steps
echo "TAG_OR_COMMIT=$TAG_OR_COMMIT" >> $GITHUB_OUTPUT
shell: bash
- name: Build and push
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with:
context: .
push: true
tags: ${{ env.GITHUB_IMAGE_NAME }}
build-args: |
BUILD_VERSION=${{ steps.version.outputs.TAG_OR_COMMIT }}
cache-from: type=gha
cache-to: type=gha,mode=max
# platforms: linux/amd64,linux/arm64
- name: Slack Notification
uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7 # v2.2.0
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
SLACK_MESSAGE: "Pushed to ${{ env.GITHUB_IMAGE_NAME }}"
release:
runs-on: ubuntu-latest
needs: build
if: startsWith(github.ref, 'refs/tags/')
steps:
- name: checkout
uses: actions/checkout@v2
- name: extract tag
id: tag
run: |
TAG=$(echo ${{ github.ref }} | sed -e "s#refs/tags/##g")
echo ::set-output name=tag::$TAG
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull Docker image
run: docker pull ${{ env.GITHUB_IMAGE_NAME }}
- name: Rename Docker image (tag name)
run: docker tag ${{ env.GITHUB_IMAGE_NAME }} "${{ env.GITHUB_IMAGE_REPO }}:${{ steps.tag.outputs.tag }}"
- name: Rename Docker image (latest)
run: docker tag ${{ env.GITHUB_IMAGE_NAME }} "${{ env.GITHUB_IMAGE_REPO }}:latest"
- name: Push Docker image (tag name)
run: docker push "${{ env.GITHUB_IMAGE_REPO }}:${{ steps.tag.outputs.tag }}"
- name: Push Docker image (latest)
run: docker push "${{ env.GITHUB_IMAGE_REPO }}:latest"
- name: Slack Notification
uses: rtCamp/action-slack-notify@v2
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
SLACK_MESSAGE: "Pushed to ${{ env.GITHUB_IMAGE_REPO }}:${{ steps.tag.outputs.tag }}"