Compare commits


No commits in common. "main" and "v1.2.2" have entirely different histories.
main ... v1.2.2

2 changed files with 8 additions and 112 deletions


@ -82,7 +82,7 @@ jobs:
password: ${{ secrets.password }} password: ${{ secrets.password }}
- name: Build Docker images - name: Build Docker images
uses: docker/build-push-action@v6 uses: docker/build-push-action@v5
with: with:
push: true push: true
file: ${{ inputs.file }} file: ${{ inputs.file }}
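Review bot: `uses: docker/build-push-action@v5` on the v1.2.2 side still references the action by a mutable major tag, so the registry credential passed a few lines up (`password: ${{ secrets.password }}`) goes to whatever commit that tag resolves to on a given run; pinning to a full commit SHA with the version kept in a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha>  # v5`, removes that moving target. The line also changes the major from `@v6` to `@v5`; if the v1.2.2 side is meant to be the current one, a one-line comment explaining the downgrade would save the next reader a bisect. The same mutable-tag reference appears in the action definition's last hunk at its `Build Docker images` step. The enclosing job in `jobs:` starts and ends outside this hunk.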


@ -1,10 +1,6 @@
name: "Build, Scan and Push Image" name: "Build, Scan and Push Image"
description: "Build, Scan and Push Image to Self Hosted Registry" description: "Build, Scan and Push Image to Self Hosted Registry"
inputs: inputs:
push:
description: "Push to Registry"
required: false
default: "true"
image: image:
description: "Image Name" description: "Image Name"
required: true required: true
@ -29,28 +25,10 @@ inputs:
required: false required: false
description: "Build Secrets" description: "Build Secrets"
harbor-scan-report:
required: false
default: "true"
description: "Should try to get harbor scan report"
comment-harbor-scan-report:
required: false
default: "true"
description: "Should comment harbor scan report on PR"
harbor-scan-report-comment-marker:
required: false
default: '<!-- actions-comment-pull-request "build-and-push" -->'
description: "Comment marker for harbor scan report"
outputs: outputs:
digest:
description: "Digest"
value: ${{ steps.build-and-push.outputs.digest }}
tag: tag:
description: "Image Tag" description: "Image Tag"
value: ${{ steps.set_tag.outputs.tag }} value: ${{ steps.meta.outputs.tags[0] }}
tags: tags:
description: "Image Tags" description: "Image Tags"
value: ${{ steps.meta.outputs.tags }} value: ${{ steps.meta.outputs.tags }}
@ -68,9 +46,8 @@ runs:
images: ${{ inputs.registry }}/${{ inputs.image }} images: ${{ inputs.registry }}/${{ inputs.image }}
flavor: latest=false flavor: latest=false
tags: | tags: |
# Pull Request # Cache
type=ref,event=pr type=raw,value=${{ github.ref_name }}-cache
type=ref,event=pr,suffix=-{{sha}},priority=8887 # 2
# Branches # Branches
type=ref,event=branch type=ref,event=branch
@ -89,93 +66,12 @@ runs:
password: ${{ inputs.password }} password: ${{ inputs.password }}
- name: Build Docker images - name: Build Docker images
uses: docker/build-push-action@v6 uses: docker/build-push-action@v5
id: build-and-push
with: with:
push: ${{ inputs.push }} push: true
file: ${{ inputs.file }} file: ${{ inputs.file }}
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
cache-to: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache,mode=max cache-to: type=inline
cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:buildcache cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:${{ github.ref_name }}-cache
build-args: ${{ inputs.build-args }} build-args: ${{ inputs.build-args }}
secrets: ${{ inputs.build-secrets }} secrets: ${{ inputs.build-secrets }}
- name: Set Tag
id: set_tag
shell: bash
run: |
extracted_tag=$(echo "$json" | jq -r '.tags | .[0]')
echo "tag=$extracted_tag" >> $GITHUB_OUTPUT
env:
tags: ${{ steps.meta.outputs.tags }}
json: ${{ steps.meta.outputs.json }}
- name: Harbor Scan Results
id: harbor-scan-results
if: ${{ inputs.harbor-scan-report }} == 'true'
uses: ditkrg/harbor-scan-results-action@main
with:
image: ${{ steps.set_tag.outputs.tag }}
username: ${{ inputs.username }}
password: ${{ inputs.password }}
digest: ${{ steps.build-and-push.outputs.digest }}
- name: Comment on active branch PR
uses: actions/github-script@v7
if: ${{ inputs.comment-harbor-scan-report }} == 'true'
env:
COMMENT_MARKER: ${{ inputs.harbor-scan-report-comment-marker }}
TRIVY_SCAN_RESULTS: ${{ steps.harbor-scan-results.outputs.report-markdown }}
with:
script: |
const prs = await github.rest.pulls.list({
owner: context.repo.owner,
repo: context.repo.repo,
head: `${context.repo.owner}:${context.ref.replace('refs/heads/', '')}`
});
if (prs.data.length <= 0) {
console.log('No open PR found for the current branch');
return;
}
const pr = prs.data[0];
// Check if there's already a comment from this workflow
const comments = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: pr.number
});
const comment_marker = process.env.COMMENT_MARKER;
const buildComment = comments.data.find(comment =>
comment.body.includes(comment_marker)
);
const commentBody = `${comment_marker}
${process.env.TRIVY_SCAN_RESULTS}
`;
if (buildComment) {
// Update existing comment
await github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: buildComment.id,
body: commentBody
});
console.log(`Updated comment to PR #${pr.number}`);
} else {
// Create new comment
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: pr.number,
body: commentBody
});
console.log(`Added comment to PR #${pr.number}`);
}