monkeyplug-build-push-ghcr #158

Summary
Jobs
- buildah
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/monkeyplug-build-push-ghcr.yml at 64ce692

	---
	name: monkeyplug-build-push-ghcr

	on:
	push:
	branches:
	- 'main'
	pull_request:
	workflow_dispatch:
	repository_dispatch:
	schedule:
	- cron: '0 12 15 * *'

	env:
	REGISTRY: ghcr.io
	IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/monkeyplug
	IMAGE_ARCH: amd64
	REPO_CONTEXT: .
	REPO_CONTAINERFILE: ./docker/Dockerfile

	jobs:
	buildah:
	runs-on: ubuntu-latest
	permissions:
	actions: write
	packages: write
	contents: read
	security-events: write
	steps:
	-
	name: Cancel previous run in progress
	id: cancel-previous-runs
	uses: styfle/cancel-workflow-action@0.11.0
	with:
	ignore_sha: true
	all_but_latest: true
	access_token: ${{ secrets.GITHUB_TOKEN }}
	-
	name: Checkout
	id: repo-checkout
	uses: actions/checkout@v3
	-
	name: Set up QEMU
	id: setup-qemu
	uses: docker/setup-qemu-action@v2
	-
	name: Log in to registry
	id: registry-login
	uses: redhat-actions/podman-login@v1
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}
	-
	name: Build Small
	id: build-small-image
	uses: redhat-actions/buildah-build@v2
	with:
	image: ${{ env.IMAGE_NAME }}
	tags: small
	context: ${{ env.REPO_CONTEXT }}
	containerfiles: ${{ env.REPO_CONTAINERFILE }}
	archs: ${{ env.IMAGE_ARCH }}
	-
	name: Build Large
	id: build-large-image
	uses: redhat-actions/buildah-build@v2
	with:
	image: ${{ env.IMAGE_NAME }}
	tags: large
	context: ${{ env.REPO_CONTEXT }}
	containerfiles: ${{ env.REPO_CONTAINERFILE }}
	archs: ${{ env.IMAGE_ARCH }}
	build-args: \|
	VOSK_MODEL_URL=http://alphacephei.com/vosk/models/vosk-model-en-us-0.22.zip
	-
	name: Run Trivy vulnerability scanner
	id: trivy-scan
	uses: aquasecurity/trivy-action@master
	with:
	scan-type: 'image'
	image-ref: ${{ env.IMAGE_NAME }}:small
	format: 'sarif'
	output: 'trivy-results.sarif'
	severity: 'HIGH,CRITICAL'
	vuln-type: 'os,library'
	hide-progress: true
	ignore-unfixed: true
	exit-code: '0'
	-
	name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	if: always()
	with:
	sarif_file: 'trivy-results.sarif'
	-
	name: Push Small
	id: push-small-to-ghcr
	uses: redhat-actions/push-to-registry@v2
	with:
	image: ${{ steps.build-small-image.outputs.image }}
	tags: ${{ steps.build-small-image.outputs.tags }}
	registry: ${{ env.REGISTRY }}
	-
	name: Push Large
	id: push-large-to-ghcr
	uses: redhat-actions/push-to-registry@v2
	with:
	image: ${{ steps.build-large-image.outputs.image }}
	tags: ${{ steps.build-large-image.outputs.tags }}
	registry: ${{ env.REGISTRY }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

monkeyplug-build-push-ghcr #158

Workflow file

monkeyplug-build-push-ghcr #158

Jobs

Run details

Workflow file for this run