Skip to content
Docker Image CI

Docker Image CI #123

Sign in to view logs

Docker Image CI

Docker Image CI #123

Workflow file for this run

.github/workflows/docker-publish.yml at 8573d54
name: Docker Image CI
on:
schedule:
- cron: '31 16 * * 1'
workflow_dispatch:
jobs:
Alpine:
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
security-events: write
steps:
-
name: Docker Setup QEMU
uses: docker/setup-qemu-action@v3
id: qemu
with:
platforms: amd64,arm64,arm
-
name: Docker Setup Buildx
id: buildx
uses: docker/setup-buildx-action@v3
-
name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Log into ghcr.io registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Login to Quay.io
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_ROBOT_TOKEN }}
-
name: Build and test docker image
uses: docker/build-push-action@v6
with:
# context: .
file: ./Dockerfile.alpine
load: true
tags: docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:alpine-test
cache-from: type=gha
cache-to: type=gha,mode=max
-
name: Test
run: |
docker run --rm docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:alpine-test doxygen --help
-
name: Retrieve doxygen version
run: |
echo "doxygen_version=$(docker run --rm docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:alpine-test doxygen -v)" >> $GITHUB_OUTPUT
id: version
# ${{ steps.version.outputs.doxygen_version }}
-
name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: image
image-ref: docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:alpine-test
format: 'sarif'
output: 'trivy-results-alpine.sarif'
severity: 'MEDIUM,CRITICAL,HIGH'
hide-progress: false
-
name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results-alpine.sarif'
-
name: Build and push Docker image
uses: docker/build-push-action@v6
with:
# context: .
file: ./Dockerfile.alpine
platforms: linux/amd64,linux/arm64,linux/arm/v7
push: true
cache-from: type=gha
cache-to: type=gha,mode=max
tags: |
ghcr.io/kingpin/${{ github.event.repository.name }}:latest
ghcr.io/kingpin/${{ github.event.repository.name }}:alpine
ghcr.io/kingpin/${{ github.event.repository.name }}:alpine-${{ steps.version.outputs.doxygen_version }}
docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:latest
docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:alpine
docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:alpine-${{ steps.version.outputs.doxygen_version }}
quay.io/kingpinx1/${{ github.event.repository.name }}:latest
quay.io/kingpinx1/${{ github.event.repository.name }}:alpine
quay.io/kingpinx1/${{ github.event.repository.name }}:alpine-${{ steps.version.outputs.doxygen_version }}
Debian:
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
security-events: write
steps:
-
name: Docker Setup QEMU
uses: docker/setup-qemu-action@v3
id: qemu
with:
platforms: amd64,arm64,arm
-
name: Docker Setup Buildx
id: buildx
uses: docker/setup-buildx-action@v3
-
name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Log into ghcr.io registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Login to Quay.io
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_ROBOT_TOKEN }}
-
name: Build and test docker image
uses: docker/build-push-action@v6
with:
# context: .
file: ./Dockerfile.debian
load: true
tags: docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:debian-test
cache-from: type=gha
cache-to: type=gha,mode=max
-
name: Test
run: |
docker run --rm docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:debian-test doxygen --help
-
name: Retrieve doxygen version
run: |
echo "doxygen_version=$(docker run --rm docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:debian-test doxygen -v)" >> $GITHUB_OUTPUT
id: version
# ${{ steps.version.outputs.doxygen_version }}
-
name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: image
image-ref: docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:debian-test
format: 'sarif'
output: 'trivy-results-debian.sarif'
severity: 'MEDIUM,CRITICAL,HIGH'
hide-progress: false
-
name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results-debian.sarif'
-
name: Build and push Docker image
uses: docker/build-push-action@v6
with:
# context: .
file: ./Dockerfile.debian
platforms: linux/amd64,linux/arm64,linux/arm/v7
push: true
cache-from: type=gha
cache-to: type=gha,mode=max
tags: |
ghcr.io/kingpin/${{ github.event.repository.name }}:debian
docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:debian
quay.io/kingpinx1/${{ github.event.repository.name }}:debian
ghcr.io/kingpin/${{ github.event.repository.name }}:debian-${{ steps.version.outputs.doxygen_version }}
docker.io/${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:debian-${{ steps.version.outputs.doxygen_version }}
quay.io/kingpinx1/${{ github.event.repository.name }}:debian-${{ steps.version.outputs.doxygen_version }}