# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com) # SPDX-FileContributor: Sebastian Thomschke # SPDX-License-Identifier: Apache-2.0 # SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/docker-gitea-act-runner # # https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions name: Build on: push: branches: # build all branches - '**' tags-ignore: # but don't build tags - '**' paths-ignore: - '**/*.md' - '.github/*.yml' schedule: # https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows - cron: '0 17 * * 3' pull_request: workflow_dispatch: # https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/ defaults: run: shell: bash env: DOCKER_IMAGE_REPO: vegardit/gitea-act-runner TRIVY_CACHE_DIR: ~/.trivy/cache jobs: build: runs-on: ubuntu-latest strategy: matrix: include: - DOCKER_FILE: Dockerfile DOCKER_IMAGE_TAG: latest - DOCKER_FILE: DinD.Dockerfile DOCKER_IMAGE_TAG: dind-latest fail-fast: true steps: - name: Show environment variables run: env | sort - name: Git Checkout uses: actions/checkout@v3 #https://github.com/actions/checkout - name: Check Dockerfile uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: image/${{ matrix.DOCKER_FILE }} ignore: DL3008,SC1091 # https://github.com/hadolint/hadolint/wiki/DL3008 - name: Cache trivy cache uses: actions/cache@v3 with: path: ${{ env.TRIVY_CACHE_DIR }} # https://github.com/actions/cache/issues/342#issuecomment-673371329 key: ${{ runner.os }}-trivy-${{ github.run_id }} restore-keys: | ${{ runner.os }}-trivy- - name: Configure fast APT repository mirror uses: vegardit/fast-apt-mirror.sh@v1 - name: Install dos2unix run: sudo apt-get install --no-install-recommends -y dos2unix - name: Build ${{ env.DOCKER_IMAGE_REPO }}:${{ env.DOCKER_IMAGE_TAG }} env: DOCKER_REGISTRY: docker.io DOCKER_REGISTRY_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }} DOCKER_REGISTRY_TOKEN: ${{ secrets.DOCKER_HUB_TOKEN }} DOCKER_IMAGE_TAG: ${{ matrix.DOCKER_IMAGE_TAG }} DOCKER_FILE: ${{ matrix.DOCKER_FILE }} TRIVY_GITHUB_TOKEN: ${{ github.token }} run: | set -eu if [[ $GITHUB_REF_NAME == "main" && $GITHUB_EVENT_NAME != "pull_request" && ${ACT:-} != "true" ]]; then export DOCKER_PUSH=1 echo "$DOCKER_REGISTRY_TOKEN" | docker login -u="$DOCKER_REGISTRY_USERNAME" "$DOCKER_REGISTRY" --password-stdin fi bash build-image.sh - name: Publish Docker image to GH registry if: ${{ github.ref_name == 'main' && github.event_name != 'pull_request' && !env.ACT }} # https://github.com/nektos/act#skipping-steps env: DOCKER_IMAGE_TAG: ${{ matrix.DOCKER_IMAGE_TAG }} run: | set -eux echo "${{ github.token }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin docker image tag $DOCKER_IMAGE_REPO:$DOCKER_IMAGE_TAG ghcr.io/$DOCKER_IMAGE_REPO:$DOCKER_IMAGE_TAG docker push ghcr.io/$DOCKER_IMAGE_REPO:$DOCKER_IMAGE_TAG - name: Delete untagged images uses: actions/github-script@v6 if: ${{ github.ref_name == 'main' && github.event_name != 'pull_request' && !env.ACT }} # https://github.com/nektos/act#skipping-steps with: github-token: ${{ secrets.GHA_DELETE_PACKAGES }} script: | const imageName = /[^/]*$/.exec(process.env.DOCKER_IMAGE_REPO)[0] const basePath = `/orgs/${{ github.repository_owner }}/packages/container/${imageName}/versions` for (version of (await github.request(`GET ${basePath}`, { per_page: 100 })).data) { if (version.metadata.container.tags.length == 0) { console.log(`deleting ${version.name}...`) const delResponse = await github.request(`DELETE ${basePath}/${version.id}`) console.log(`status: ${delResponse.status}`) } }