mirror of
https://github.com/ditkrg/build-image-workflow.git
synced 2026-01-23 01:26:50 +00:00
Compare commits
No commits in common. "main" and "v1.2.1" have entirely different histories.
2
.github/workflows/update-main-version.yaml
vendored
2
.github/workflows/update-main-version.yaml
vendored
@ -9,7 +9,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
|
||||
2
.github/workflows/workflow.yaml
vendored
2
.github/workflows/workflow.yaml
vendored
@ -82,7 +82,7 @@ jobs:
|
||||
password: ${{ secrets.password }}
|
||||
|
||||
- name: Build Docker images
|
||||
uses: docker/build-push-action@v6
|
||||
uses: docker/build-push-action@v5
|
||||
with:
|
||||
push: true
|
||||
file: ${{ inputs.file }}
|
||||
|
||||
57
README.md
57
README.md
@ -101,59 +101,4 @@ jobs:
|
||||
file: "path/to/Dockerfile"
|
||||
```
|
||||
|
||||
If you want to use it with our GitOps Action:
|
||||
|
||||
```yaml
|
||||
name: Deploy
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- dev
|
||||
- main
|
||||
tags:
|
||||
- v[0-9]+.[0-9]+.[0-9]+
|
||||
|
||||
paths-ignore:
|
||||
- "**.md"
|
||||
- ".vscode/**"
|
||||
|
||||
- ".github/**"
|
||||
- "!.github/workflows/tests-base.yaml"
|
||||
- "!.github/workflows/deploy.yaml"
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
concurrency: build-${{ github.ref_name }}
|
||||
outputs:
|
||||
tag: ${{ steps.build-image.outputs.tag }}
|
||||
tags: ${{ steps.build-image.outputs.tags }}
|
||||
steps:
|
||||
- id: build-image
|
||||
name: Build and Push Image
|
||||
uses: ditkrg/build-image-workflow@v1
|
||||
with:
|
||||
image: "my-docker-image"
|
||||
registry: "my-registry.example.com"
|
||||
username: ${{ secrets.REGISTRY_USERNAME }}
|
||||
password: ${{ secrets.REGISTRY_PASSWORD }}
|
||||
build-args: "EXAMPLE=123"
|
||||
build-secrets: "EXAMPLE=****"
|
||||
file: "path/to/Dockerfile"
|
||||
|
||||
update-gitops:
|
||||
runs-on: ubuntu-latest
|
||||
concurrency: pr-${{ github.ref_name }}
|
||||
needs: build
|
||||
steps:
|
||||
- name: Update gitops
|
||||
uses: ditkrg/update-gitops-image@v1
|
||||
with:
|
||||
owner: ditkrg
|
||||
repo: GITOPS_REPO
|
||||
app-id: ${{ secrets.APP_ID }}
|
||||
image-tag: ${{ needs.build.outputs.tag }}
|
||||
private-key: ${{ secrets.APP_PRIVATE_KEY }}
|
||||
component-name: REPO_NAME
|
||||
```
|
||||
Feel free to customize the inputs and adjust the workflow based on your specific requirements.
|
||||
|
||||
118
action.yml
118
action.yml
@ -1,10 +1,6 @@
|
||||
name: "Build, Scan and Push Image"
|
||||
description: "Build, Scan and Push Image to Self Hosted Registry"
|
||||
inputs:
|
||||
push:
|
||||
description: "Push to Registry"
|
||||
required: false
|
||||
default: "true"
|
||||
image:
|
||||
description: "Image Name"
|
||||
required: true
|
||||
@ -29,28 +25,10 @@ inputs:
|
||||
required: false
|
||||
description: "Build Secrets"
|
||||
|
||||
harbor-scan-report:
|
||||
required: false
|
||||
default: "true"
|
||||
description: "Should try to get harbor scan report"
|
||||
|
||||
comment-harbor-scan-report:
|
||||
required: false
|
||||
default: "true"
|
||||
description: "Should comment harbor scan report on PR"
|
||||
|
||||
harbor-scan-report-comment-marker:
|
||||
required: false
|
||||
default: '<!-- actions-comment-pull-request "build-and-push" -->'
|
||||
description: "Comment marker for harbor scan report"
|
||||
|
||||
outputs:
|
||||
digest:
|
||||
description: "Digest"
|
||||
value: ${{ steps.build-and-push.outputs.digest }}
|
||||
tag:
|
||||
description: "Image Tag"
|
||||
value: ${{ steps.set_tag.outputs.tag }}
|
||||
value: ${{ steps.meta.outputs.tags[0] }}
|
||||
tags:
|
||||
description: "Image Tags"
|
||||
value: ${{ steps.meta.outputs.tags }}
|
||||
@ -68,9 +46,8 @@ runs:
|
||||
images: ${{ inputs.registry }}/${{ inputs.image }}
|
||||
flavor: latest=false
|
||||
tags: |
|
||||
# Pull Request
|
||||
type=ref,event=pr
|
||||
type=ref,event=pr,suffix=-{{sha}},priority=8887 # 2
|
||||
# Cache
|
||||
type=raw,value=${{ github.ref_name }}-cache
|
||||
|
||||
# Branches
|
||||
type=ref,event=branch
|
||||
@ -89,93 +66,12 @@ runs:
|
||||
password: ${{ inputs.password }}
|
||||
|
||||
- name: Build Docker images
|
||||
uses: docker/build-push-action@v6
|
||||
id: build-and-push
|
||||
uses: docker/build-push-action@v5
|
||||
with:
|
||||
push: ${{ inputs.push }}
|
||||
push: true
|
||||
file: ${{ inputs.file }}
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
cache-to: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache,mode=max
|
||||
cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache
|
||||
cache-to: type=inline
|
||||
cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:${{ github.ref_name }}-cache
|
||||
build-args: ${{ inputs.build-args }}
|
||||
secrets: ${{ inputs.build-secrets }}
|
||||
|
||||
- name: Set Tag
|
||||
id: set_tag
|
||||
shell: bash
|
||||
run: |
|
||||
|
||||
extracted_tag=$(echo "$json" | jq -r '.tags | .[0]')
|
||||
echo "tag=$extracted_tag" >> $GITHUB_OUTPUT
|
||||
|
||||
env:
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
json: ${{ steps.meta.outputs.json }}
|
||||
|
||||
- name: Harbor Scan Results
|
||||
id: harbor-scan-results
|
||||
if: ${{ inputs.harbor-scan-report }} == 'true'
|
||||
uses: ditkrg/harbor-scan-results-action@main
|
||||
with:
|
||||
image: ${{ steps.set_tag.outputs.tag }}
|
||||
username: ${{ inputs.username }}
|
||||
password: ${{ inputs.password }}
|
||||
digest: ${{ steps.build-and-push.outputs.digest }}
|
||||
|
||||
- name: Comment on active branch PR
|
||||
uses: actions/github-script@v7
|
||||
if: ${{ inputs.comment-harbor-scan-report }} == 'true'
|
||||
env:
|
||||
COMMENT_MARKER: ${{ inputs.harbor-scan-report-comment-marker }}
|
||||
TRIVY_SCAN_RESULTS: ${{ steps.harbor-scan-results.outputs.report-markdown }}
|
||||
with:
|
||||
script: |
|
||||
const prs = await github.rest.pulls.list({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
head: `${context.repo.owner}:${context.ref.replace('refs/heads/', '')}`
|
||||
});
|
||||
|
||||
if (prs.data.length <= 0) {
|
||||
console.log('No open PR found for the current branch');
|
||||
return;
|
||||
}
|
||||
|
||||
const pr = prs.data[0];
|
||||
// Check if there's already a comment from this workflow
|
||||
const comments = await github.rest.issues.listComments({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
issue_number: pr.number
|
||||
});
|
||||
|
||||
const comment_marker = process.env.COMMENT_MARKER;
|
||||
const buildComment = comments.data.find(comment =>
|
||||
comment.body.includes(comment_marker)
|
||||
);
|
||||
|
||||
const commentBody = `${comment_marker}
|
||||
${process.env.TRIVY_SCAN_RESULTS}
|
||||
`;
|
||||
|
||||
if (buildComment) {
|
||||
// Update existing comment
|
||||
await github.rest.issues.updateComment({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
comment_id: buildComment.id,
|
||||
body: commentBody
|
||||
});
|
||||
|
||||
console.log(`Updated comment to PR #${pr.number}`);
|
||||
} else {
|
||||
// Create new comment
|
||||
await github.rest.issues.createComment({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
issue_number: pr.number,
|
||||
body: commentBody
|
||||
});
|
||||
|
||||
console.log(`Added comment to PR #${pr.number}`);
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user