Scan controller image #13
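# Builds the repository's devcontainer image, starts it with the checked-out
# workspace mounted, and runs the `controller:scan-image` task inside it.
name: Scan controller image

on:
  workflow_dispatch:
    # no content, allows manual triggering
  schedule:
    # 5:30 pm every Sunday (UTC)
    # to pick up any important bug fixes etc in base image
    - cron: '30 17 * * 0'
  push:
    # run when changes pushed to go.mod on main branch
    branches:
      - main
    paths:
      # NOTE(review): path filters are matched against repository-relative
      # paths; confirm that the leading './' matches as intended, otherwise
      # pushes that touch v2/go.mod will not trigger a scan.
      - ./v2/go.mod

jobs:
  scan-image:
    runs-on: ubuntu-latest
    # Least privilege: once a permissions block is present, every scope not
    # listed is set to none, so the scopes the job relies on are spelled out.
    permissions:
      contents: read
      packages: read
    steps:
      - name: Checkout code
        # NOTE(review): v3 is a mutable tag; pin third-party actions to a full
        # commit SHA, e.g. actions/checkout@<full-commit-sha>, so a retagged
        # release cannot change what runs here.
        uses: actions/checkout@v3
        with:
          fetch-depth: 0 # required to access tags
          submodules: 'true'
          # NOTE(review): checkout keeps the job token in the local git config
          # by default, and this workspace is later bind-mounted into the
          # devcontainer. Consider `persist-credentials: false` if the scan
          # task needs no authenticated git access; confirm before changing.

      - name: Log in to GitHub Docker Registry
        # NOTE(review): same pinning concern as above
        # (docker/login-action@<full-commit-sha>).
        uses: docker/login-action@v2
        with:
          registry: docker.pkg.github.com # ghcr.io not yet enabled for Azure org
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build devcontainer image
        # We must issue a manual pull before the build so the image gets copied locally, because
        # docker.pkg.github.com is not a valid Docker registry and doesn't work with --cache-from,
        # however, `docker pull` will fall back to other methods that do work and get the image loaded.
        #
        # This message comes from "docker pull":
        #
        #   Run docker pull docker.pkg.github.com/azure/azure-service-operator/aso-devcontainer:latest
        #   WARNING: ⚠️ Failed to pull manifest by the resolved digest. This registry does not
        #     appear to conform to the distribution registry specification; falling back to
        #     pull by tag. This fallback is DEPRECATED, and will be removed in a future
        #     release. Please contact admins of https://docker.pkg.github.com. ⚠️
        #
        # See: https://github.com/moby/moby/issues/41687#issuecomment-733826074 and related issues
        #
        # NOTE(review): the cache source is a mutable `latest` tag, so layers
        # reused from it are only as trustworthy as whoever can push that tag.
        run: |
          docker pull docker.pkg.github.com/azure/azure-service-operator/aso-devcontainer:latest
          docker build \
            --cache-from docker.pkg.github.com/azure/azure-service-operator/aso-devcontainer:latest \
            --tag devcontainer:latest \
            .devcontainer
        env:
          # Quoted so the value stays a string instead of being typed as an int.
          DOCKER_BUILDKIT: '1'

      - name: Run devcontainer image
        id: devcontainer
        # Bind-mounting /var/run/docker.sock hands the container control of the
        # runner's Docker daemon, which is effectively root on the runner.
        # Anything executed inside the devcontainer must be trusted to the same
        # degree as the workflow itself.
        run: |
          container_id=$(docker create \
            -w /workspace \
            -v "$GITHUB_WORKSPACE:/workspace" \
            -v /var/run/docker.sock:/var/run/docker.sock \
            devcontainer:latest)
          docker start "$container_id"
          echo "container_id=$container_id" >> "$GITHUB_ENV"

      - name: Scan controller image
        # container_id was written to GITHUB_ENV by the previous step, so it is
        # already an environment variable here. Reading it from the shell avoids
        # pasting a ${{ }} expression into the script text, where the expanded
        # value would be parsed as shell code.
        run: |
          docker exec "$container_id" task controller:scan-image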