forked from RaminNietzsche/CVE-Radar
-
Notifications
You must be signed in to change notification settings - Fork 0
117 lines (102 loc) · 3.77 KB
/
Copy pathrelease-docker-hub.yml
File metadata and controls
117 lines (102 loc) · 3.77 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
# Category: Release | Build and push Docker image on semver tag. Secrets: DOCKERHUB_* (environment: docker).
name: Release / Docker Hub
on:
push:
tags:
- "v*"
permissions:
contents: read
concurrency:
group: release-docker-${{ github.ref }}
cancel-in-progress: false
env:
IMAGE_NAME: cve-radar
jobs:
docker:
name: Build and push
runs-on: ubuntu-latest
timeout-minutes: 45
environment: docker
permissions:
contents: read
packages: write
steps:
- name: Check Docker Hub secrets
id: hub
env:
DH_USER: ${{ secrets.DOCKERHUB_USERNAME }}
DH_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
run: |
if [ -n "$DH_USER" ] && [ -n "$DH_TOKEN" ]; then
echo "configured=true" >> "$GITHUB_OUTPUT"
else
echo "configured=false" >> "$GITHUB_OUTPUT"
echo "::notice::Skipping Docker Hub push — set DOCKERHUB_USERNAME and DOCKERHUB_TOKEN."
fi
- name: Checkout
if: steps.hub.outputs.configured == 'true'
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- name: Set up Docker Buildx
if: steps.hub.outputs.configured == 'true'
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- name: Log in to Docker Hub
if: steps.hub.outputs.configured == 'true'
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Docker metadata
if: steps.hub.outputs.configured == 'true'
id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
with:
images: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}
tags: |
type=semver,pattern={{version}}
type=raw,value=latest
- name: Build and push
if: steps.hub.outputs.configured == 'true'
id: build
uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Smoke test image
if: steps.hub.outputs.configured == 'true'
run: |
VERSION="${GITHUB_REF_NAME#v}"
IMAGE="${{ secrets.DOCKERHUB_USERNAME }}/cve-radar:${VERSION}"
docker run -d --name cve-radar-smoke -p 13001:3001 "$IMAGE"
for i in $(seq 1 15); do
if curl -fsS http://127.0.0.1:13001/api/health; then
docker rm -f cve-radar-smoke
exit 0
fi
sleep 2
done
docker logs cve-radar-smoke || true
docker rm -f cve-radar-smoke
exit 1
- name: Image summary
if: steps.hub.outputs.configured == 'true'
run: |
echo "### Published tags" >> "$GITHUB_STEP_SUMMARY"
echo '```' >> "$GITHUB_STEP_SUMMARY"
echo "${{ steps.meta.outputs.tags }}" >> "$GITHUB_STEP_SUMMARY"
echo '```' >> "$GITHUB_STEP_SUMMARY"
- name: Update Docker Hub overview
if: steps.hub.outputs.configured == 'true'
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
run: bash scripts/update-dockerhub-repo.sh
- name: Prune extra Docker Hub tags
if: steps.hub.outputs.configured == 'true'
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
run: bash scripts/prune-dockerhub-tags.sh