build(deps): Bump docker/buildx-bin from 0.17.1 to 0.18.0 in /ci-buil… #1896
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker Build | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| schedule: | |
| - cron: '42 2 * * 2' | |
| jobs: | |
| docker-build-bashbrew: | |
| name: docker build bashbrew | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/bashbrew:${{ github.sha }} --load bashbrew/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Install Trivy | |
| uses: aquasecurity/[email protected] | |
| with: | |
| version: v0.57.0 | |
| cache: true | |
| - name: Download Trivy DB | |
| run: | | |
| trivy fs --no-progress --download-db-only --db-repository public.ecr.aws/aquasecurity/trivy-db | |
| - name: Run Trivy vulnerability scanner (table output) | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format table \ | |
| --exit-code 1 \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --severity CRITICAL,HIGH \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/bashbrew:${{ github.sha }} | |
| - name: Run Trivy vulnerability scanner | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format sarif \ | |
| --output trivy-results.sarif \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --ignorefile .trivyignore \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/bashbrew:${{ github.sha }} | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/bashbrew:${{ github.sha }} --push bashbrew/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/bashbrew:${{ github.sha }} --push bashbrew/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/bashbrew:latest \ | |
| ghcr.io/hairyhenderson/bashbrew:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/bashbrew:latest \ | |
| hairyhenderson/bashbrew:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-ci-builder: | |
| name: docker build ci-builder | |
| needs: | |
| - docker-build-bashbrew | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/ci-builder:${{ github.sha }} --load ci-builder/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Install Trivy | |
| uses: aquasecurity/[email protected] | |
| with: | |
| version: v0.57.0 | |
| cache: true | |
| - name: Download Trivy DB | |
| run: | | |
| trivy fs --no-progress --download-db-only --db-repository public.ecr.aws/aquasecurity/trivy-db | |
| - name: Run Trivy vulnerability scanner (table output) | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format table \ | |
| --exit-code 1 \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --severity CRITICAL,HIGH \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/ci-builder:${{ github.sha }} | |
| - name: Run Trivy vulnerability scanner | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format sarif \ | |
| --output trivy-results.sarif \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --ignorefile .trivyignore \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/ci-builder:${{ github.sha }} | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/ci-builder:${{ github.sha }} --push ci-builder/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/ci-builder:${{ github.sha }} --push ci-builder/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/ci-builder:latest \ | |
| ghcr.io/hairyhenderson/ci-builder:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/ci-builder:latest \ | |
| hairyhenderson/ci-builder:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-dockerfiles-builder: | |
| name: docker build dockerfiles-builder | |
| needs: | |
| - docker-build-bashbrew | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/dockerfiles-builder:${{ github.sha }} --load dockerfiles-builder/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Install Trivy | |
| uses: aquasecurity/[email protected] | |
| with: | |
| version: v0.57.0 | |
| cache: true | |
| - name: Download Trivy DB | |
| run: | | |
| trivy fs --no-progress --download-db-only --db-repository public.ecr.aws/aquasecurity/trivy-db | |
| - name: Run Trivy vulnerability scanner (table output) | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format table \ | |
| --exit-code 1 \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --severity CRITICAL,HIGH \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/dockerfiles-builder:${{ github.sha }} | |
| - name: Run Trivy vulnerability scanner | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format sarif \ | |
| --output trivy-results.sarif \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --ignorefile .trivyignore \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/dockerfiles-builder:${{ github.sha }} | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/dockerfiles-builder:${{ github.sha }} --push dockerfiles-builder/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/dockerfiles-builder:${{ github.sha }} --push dockerfiles-builder/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/dockerfiles-builder:latest \ | |
| ghcr.io/hairyhenderson/dockerfiles-builder:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/dockerfiles-builder:latest \ | |
| hairyhenderson/dockerfiles-builder:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-figlet: | |
| name: docker build figlet | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/figlet:${{ github.sha }} --load figlet/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Install Trivy | |
| uses: aquasecurity/[email protected] | |
| with: | |
| version: v0.57.0 | |
| cache: true | |
| - name: Download Trivy DB | |
| run: | | |
| trivy fs --no-progress --download-db-only --db-repository public.ecr.aws/aquasecurity/trivy-db | |
| - name: Run Trivy vulnerability scanner (table output) | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format table \ | |
| --exit-code 1 \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --severity CRITICAL,HIGH \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/figlet:${{ github.sha }} | |
| - name: Run Trivy vulnerability scanner | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format sarif \ | |
| --output trivy-results.sarif \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --ignorefile .trivyignore \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/figlet:${{ github.sha }} | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/figlet:${{ github.sha }} --push figlet/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/figlet:${{ github.sha }} --push figlet/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/figlet:latest \ | |
| ghcr.io/hairyhenderson/figlet:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/figlet:latest \ | |
| hairyhenderson/figlet:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-gomplate-ci-build: | |
| name: docker build gomplate-ci-build | |
| needs: | |
| - docker-build-bashbrew | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }} --load gomplate-ci-build/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Install Trivy | |
| uses: aquasecurity/[email protected] | |
| with: | |
| version: v0.57.0 | |
| cache: true | |
| - name: Download Trivy DB | |
| run: | | |
| trivy fs --no-progress --download-db-only --db-repository public.ecr.aws/aquasecurity/trivy-db | |
| - name: Run Trivy vulnerability scanner (table output) | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format table \ | |
| --exit-code 1 \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --severity CRITICAL,HIGH \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }} | |
| - name: Run Trivy vulnerability scanner | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format sarif \ | |
| --output trivy-results.sarif \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --ignorefile .trivyignore \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }} | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }} --push gomplate-ci-build/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/gomplate-ci-build:${{ github.sha }} --push gomplate-ci-build/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/gomplate-ci-build:latest \ | |
| ghcr.io/hairyhenderson/gomplate-ci-build:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/gomplate-ci-build:latest \ | |
| hairyhenderson/gomplate-ci-build:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-jwt: | |
| name: docker build jwt | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/jwt:${{ github.sha }} --load jwt/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Install Trivy | |
| uses: aquasecurity/[email protected] | |
| with: | |
| version: v0.57.0 | |
| cache: true | |
| - name: Download Trivy DB | |
| run: | | |
| trivy fs --no-progress --download-db-only --db-repository public.ecr.aws/aquasecurity/trivy-db | |
| - name: Run Trivy vulnerability scanner (table output) | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format table \ | |
| --exit-code 1 \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --severity CRITICAL,HIGH \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/jwt:${{ github.sha }} | |
| - name: Run Trivy vulnerability scanner | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format sarif \ | |
| --output trivy-results.sarif \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --ignorefile .trivyignore \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/jwt:${{ github.sha }} | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/jwt:${{ github.sha }} --push jwt/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/jwt:${{ github.sha }} --push jwt/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/jwt:latest \ | |
| ghcr.io/hairyhenderson/jwt:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/jwt:latest \ | |
| hairyhenderson/jwt:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-man: | |
| name: docker build man | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/man:${{ github.sha }} --load man/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Install Trivy | |
| uses: aquasecurity/[email protected] | |
| with: | |
| version: v0.57.0 | |
| cache: true | |
| - name: Download Trivy DB | |
| run: | | |
| trivy fs --no-progress --download-db-only --db-repository public.ecr.aws/aquasecurity/trivy-db | |
| - name: Run Trivy vulnerability scanner (table output) | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format table \ | |
| --exit-code 1 \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --severity CRITICAL,HIGH \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/man:${{ github.sha }} | |
| - name: Run Trivy vulnerability scanner | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format sarif \ | |
| --output trivy-results.sarif \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --ignorefile .trivyignore \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/man:${{ github.sha }} | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/man:${{ github.sha }} --push man/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/man:${{ github.sha }} --push man/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/man:latest \ | |
| ghcr.io/hairyhenderson/man:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/man:latest \ | |
| hairyhenderson/man:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-sed: | |
| name: docker build sed | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/sed:${{ github.sha }} --load sed/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Install Trivy | |
| uses: aquasecurity/[email protected] | |
| with: | |
| version: v0.57.0 | |
| cache: true | |
| - name: Download Trivy DB | |
| run: | | |
| trivy fs --no-progress --download-db-only --db-repository public.ecr.aws/aquasecurity/trivy-db | |
| - name: Run Trivy vulnerability scanner (table output) | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format table \ | |
| --exit-code 1 \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --severity CRITICAL,HIGH \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/sed:${{ github.sha }} | |
| - name: Run Trivy vulnerability scanner | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format sarif \ | |
| --output trivy-results.sarif \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --ignorefile .trivyignore \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/sed:${{ github.sha }} | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/sed:${{ github.sha }} --push sed/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/sed:${{ github.sha }} --push sed/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/sed:latest \ | |
| ghcr.io/hairyhenderson/sed:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/sed:latest \ | |
| hairyhenderson/sed:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-socat: | |
| name: docker build socat | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/socat:${{ github.sha }} --load socat/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Install Trivy | |
| uses: aquasecurity/[email protected] | |
| with: | |
| version: v0.57.0 | |
| cache: true | |
| - name: Download Trivy DB | |
| run: | | |
| trivy fs --no-progress --download-db-only --db-repository public.ecr.aws/aquasecurity/trivy-db | |
| - name: Run Trivy vulnerability scanner (table output) | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format table \ | |
| --exit-code 1 \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --severity CRITICAL,HIGH \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/socat:${{ github.sha }} | |
| - name: Run Trivy vulnerability scanner | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format sarif \ | |
| --output trivy-results.sarif \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --ignorefile .trivyignore \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/socat:${{ github.sha }} | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/socat:${{ github.sha }} --push socat/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/socat:${{ github.sha }} --push socat/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/socat:latest \ | |
| ghcr.io/hairyhenderson/socat:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/socat:latest \ | |
| hairyhenderson/socat:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| docker-build-ssh: | |
| name: docker build ssh | |
| runs-on: ubuntu-22.04 | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| - name: enable experimental mode | |
| run: | | |
| mkdir -p ~/.docker | |
| echo '{"experimental": "enabled"}' > ~/.docker/config.json | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| version: v0.12.0 | |
| driver-opts: | | |
| image=moby/buildkit:buildx-stable-1 | |
| network=host | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Build (non-main branch) | |
| run: | | |
| docker buildx build --tag ghcr.io/hairyhenderson/ssh:${{ github.sha }} --load ssh/ | |
| if: github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Install Trivy | |
| uses: aquasecurity/[email protected] | |
| with: | |
| version: v0.57.0 | |
| cache: true | |
| - name: Download Trivy DB | |
| run: | | |
| trivy fs --no-progress --download-db-only --db-repository public.ecr.aws/aquasecurity/trivy-db | |
| - name: Run Trivy vulnerability scanner (table output) | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format table \ | |
| --exit-code 1 \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --severity CRITICAL,HIGH \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/ssh:${{ github.sha }} | |
| - name: Run Trivy vulnerability scanner | |
| run: | | |
| trivy image \ | |
| --scanners vuln \ | |
| --format sarif \ | |
| --output trivy-results.sarif \ | |
| --ignore-unfixed \ | |
| --pkg-types os,library \ | |
| --ignorefile .trivyignore \ | |
| --skip-db-update \ | |
| ghcr.io/hairyhenderson/ssh:${{ github.sha }} | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| if: always() && github.repository == 'hairyhenderson/dockerfiles' | |
| - name: Login to GHCR | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.GHCR_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: '${{ github.actor }}' | |
| password: '${{ secrets.DOCKERHUB_TOKEN }}' | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' | |
| - name: Build & Push (main branch) | |
| run: | | |
| PLATFORMS=linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag ghcr.io/hairyhenderson/ssh:${{ github.sha }} --push ssh/ | |
| docker buildx build \ | |
| --platform $PLATFORMS \ | |
| --tag hairyhenderson/ssh:${{ github.sha }} --push ssh/ | |
| docker buildx imagetools create \ | |
| -t ghcr.io/hairyhenderson/ssh:latest \ | |
| ghcr.io/hairyhenderson/ssh:${{ github.sha }} | |
| docker buildx imagetools create \ | |
| -t hairyhenderson/ssh:latest \ | |
| hairyhenderson/ssh:${{ github.sha }} | |
| if: github.repository == 'hairyhenderson/dockerfiles' && github.actor == 'hairyhenderson' && github.ref == 'refs/heads/main' |