Skip to content

Bump zipp from 3.18.1 to 3.19.1 #176

Bump zipp from 3.18.1 to 3.19.1

Bump zipp from 3.18.1 to 3.19.1 #176

Workflow file for this run

name: docker build
on:
schedule:
- cron: '0 22 * * 0' # every sunday at 10pm
push:
branches:
- 'main'
pull_request:
branches:
- 'main'
workflow_call:
inputs:
tag:
type: string
required: true
jobs:
container_build:
name: Container build and push
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Set build variables
id: env
run: |
REGISTRY=ghcr.io/
IMAGE=zeiss/acme-dns-azure
VERSION=noop
if [ "${{ github.event_name }}" == "schedule" ]; then
VERSION=edge
elif [[ -n "${{ inputs.tag }}" ]]; then
VERSION=${{ inputs.tag }}
elif [[ $GITHUB_REF == refs/heads/* ]]; then
VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then
VERSION=edge
fi
elif [[ $GITHUB_REF == refs/pull/* ]]; then
VERSION=pr-${{ github.event.number }}
fi
REF="${REGISTRY}${IMAGE}:${VERSION}"
TAGS="${REF}"
if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
MINOR=${VERSION%.*}
MAJOR=${MINOR%.*}
TAGS="${TAGS},${REGISTRY}${IMAGE}:${MINOR},${REGISTRY}${IMAGE}:${MAJOR}"
fi
echo "version=${VERSION}" >> $GITHUB_OUTPUT
echo "ref=${REF}" >> $GITHUB_OUTPUT
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
echo "cache_date=$(date -u +'%Y_%W')" >> $GITHUB_OUTPUT
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
config-inline: |
[worker.oci]
max-parallelism = 4
- name: Check out Docker Buildx cache
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ steps.env.outputs.cache_date }}-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-${{ steps.env.outputs.cache_date }}
- name: Login to GitHub Container Registry
if: github.event_name != 'pull_request' || inputs.tag != ''
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push image
id: docker_build
uses: docker/build-push-action@v5
with:
context: ./examples/container
file: ./examples/container/Dockerfile
platforms: linux/amd64,linux/arm64,linux/386,linux/arm/v7
push: ${{ github.event_name != 'pull_request' || inputs.tag != '' }}
tags: ${{ steps.env.outputs.tags }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
labels: |
org.opencontainers.image.created=${{ steps.env.outputs.created }}
org.opencontainers.image.source=https://github.com/${{ github.repository }}
org.opencontainers.image.version=${{ steps.env.outputs.version }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.licenses=${{ github.event.repository.license.name }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
if: ${{ github.event_name != 'pull_request' || inputs.tag != '' }}
with:
image-ref: ${{ steps.env.outputs.ref }}
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'