Bump micromatch from 4.0.2 to 4.0.8 in /web #175
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Push web to GHCR | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- master | |
paths: | |
- web/** | |
- "!*.md" | |
pull_request: | |
branches: | |
- master | |
paths: | |
- web/** | |
- "!*.md" | |
env: | |
REGISTRY: ghcr.io | |
REPO_NAME: ${{ github.repository }} | |
IMAGE_SUFFIX: "/web" # change to suit your image name | |
BUILD_CONTEXT: "./web" # change me to fit your image path | |
DOCKERFILE_PATH: "default" # change me if needed | |
ARTIFACT: dummyweb | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
# This is used to complete the identity challenge | |
# with sigstore/fulcio when running outside of PRs. | |
id-token: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# Workaround: https://github.com/docker/build-push-action/issues/461 | |
- name: Setup Docker buildx | |
uses: docker/setup-buildx-action@v3 | |
# Login against a Docker registry except on PR | |
# https://github.com/docker/login-action | |
- name: Log into registry ${{ env.REGISTRY }} | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Generate required output vars | |
id: env | |
shell: pwsh | |
run: | | |
$env:tag = (Get-Date -Format dd-MM-yyyy) + "." + ${{ github.run_number }} | |
Write-Host "::set-output name=tag::$($env:tag)" | |
if ("${{ env.DOCKERFILE_PATH }}" -eq "default") | |
{ | |
$env:dockerfilePath = "${{ env.BUILD_CONTEXT}}/Dockerfile" | |
} | |
else | |
{ | |
$env:dockerfilePath = "${{ env.DOCKERFILE_PATH }}" | |
} | |
Write-Host "::set-output name=DOCKERFILE_PATH::$($env:dockerfilePath)" | |
# Extract metadata (tags, labels) for Docker | |
# https://github.com/docker/metadata-action | |
- name: Extract Docker metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
${{ env.REGISTRY }}/${{ env.REPO_NAME }}${{ env.IMAGE_SUFFIX }} | |
tags: | | |
type=sha,format=long | |
type=raw,value=${{ steps.env.outputs.tag }} | |
type=raw,value=latest | |
# Build and push Docker image with Buildx (don't push on PR) | |
# https://github.com/docker/build-push-action | |
- name: Build and push Docker image | |
id: build-and-push | |
uses: docker/build-push-action@v6 | |
with: | |
context: ${{ env.BUILD_CONTEXT }} | |
file: ${{ steps.env.outputs.DOCKERFILE_PATH }} | |
push: ${{ github.event_name != 'pull_request' }} | |
load: ${{ github.event_name == 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
#outputs: type=docker,dest=/tmp/web.tar | |
#- run: docker load -i /tmp/web.tar | |
# - name: Container image scan | |
# if: github.event_name == 'pull_request' | |
# env: | |
# # See https://github.com/Azure/container-scan/issues/146 | |
# DOCKLE_HOST: "unix:///var/run/docker.sock" | |
# id: scan | |
# uses: Azure/container-scan@v0.1 | |
# with: | |
# image-name: ${{ env.REGISTRY }}/${{ env.REPO_NAME }}${{ env.IMAGE_SUFFIX }}:${{ steps.env.outputs.tag }} | |
# severity-threshold: "CRITICAL" | |
# - name: Run hadolint | |
# uses: hadolint/hadolint-action@v3.0.0 | |
# with: | |
# dockerfile: ${{ steps.env.outputs.DOCKERFILE_PATH }} | |
# format: sarif | |
# output-file: hadolint-results.sarif | |
# no-fail: true | |
# - name: Upload analysis results to GitHub | |
# uses: github/codeql-action/upload-sarif@v2 | |
# with: | |
# sarif_file: hadolint-results.sarif | |
# - uses: actions/setup-dotnet@v3 | |
# with: | |
# dotnet-version: | | |
# 6.0.x | |
# # Run Dockerfile and Docker image analyzers | |
# - name: Run Microsoft Security DevOps Analysis | |
# uses: microsoft/security-devops-action@preview | |
# env: | |
# #terrascan_SkipRules: "" | |
# GDN_TRIVY_ACTION: "image" | |
# GDN_TRIVY_IMAGEPATH: /tmp/web.tar | |
# id: msdo | |
# # Upload alerts to the Security tab | |
# - name: Upload alerts to Security tab | |
# uses: github/codeql-action/upload-sarif@v2 | |
# with: | |
# sarif_file: ${{ steps.msdo.outputs.sarifFile }} | |
# Install the cosign tool except on PR | |
# https://github.com/sigstore/cosign-installer | |
# - name: Install cosign | |
# if: github.event_name != 'pull_request' | |
# uses: sigstore/cosign-installer@v3.1.1 | |
# - name: Sign the images with GitHub OIDC Token | |
# if: ${{ github.event_name != 'pull_request' }} | |
# env: | |
# DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
# TAGS: ${{ steps.meta.outputs.tags }} | |
# run: cosign sign --yes "${TAGS}@${DIGEST}" |