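# Composite action metadata: lints a Containerfile, builds the image with
# docker buildx bake, tests it and publishes it to Docker Hub.
name: 'Container Build and Publish'
description: 'GitHub Action with a pipeline to build, test and publish a container image'
inputs:
  # Directory in which the lint, bake and image-metadata steps run.
  workdir:
    description: 'Working directory of bake execution'
    required: false
    default: '.'
  # Bake targets built (and loaded into the local daemon) before testing.
  test-targets:
    description: 'List of bake targets for testing'
    required: false
    default: 'local'
  # Registry credentials. The calling workflow should supply both from
  # encrypted secrets, never as literals, and should prefer a scoped personal
  # access token over the account password.
  dockerhub-username:
    description: 'Username used to log against the Docker registry'
    required: false
    default: ''
  dockerhub-password:
    description: 'Password or personal access token used to log against the Docker registry'
    required: false
    default: ''
  # Action inputs always reach the steps as strings, so the boolean-looking
  # defaults are written as the strings they become.
  # NOTE(review): the lint step in this file is gated on env.run-lint-stage
  # (written by bin/run-lint-stage.sh); no step reads this input -- confirm
  # whether it is still needed.
  run-lint-stage:
    description: 'Run lint stage'
    required: false
    default: 'true'
  run-test-stage:
    description: 'Run test stage'
    required: false
    default: 'true'
  # Image reference to test; when empty, the test step takes the first tag of
  # the first target printed by `docker buildx bake local --print`.
  test-image:
    description: 'Test image'
    required: false
    default: ''
  # NOTE(review): the test step reads env.test-entrypoint (written by
  # bin/test-entrypoint.sh), not this input -- confirm which one is meant to
  # take effect.
  test-entrypoint:
    description: 'Test entrypoint'
    required: false
    default: '/bin/bash'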
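# Pipeline: checkout -> optional lint -> buildx setup -> optional local build
# and test -> registry login, push and Docker Hub description update.
#
# NOTE(review): every `uses:` below is pinned to a mutable major-version tag.
# Pinning to a full commit SHA (placeholder form:
# `<owner>/<action>@<full-commit-sha>  # vN`) keeps a re-tagged release from
# changing the code that runs in the same job as the registry credentials;
# this matters most for the third-party description action at the end.
runs:
  using: 'composite'
  steps:
    - uses: actions/checkout@v4

    # The helper scripts under bin/ print a single value that is exported to
    # later steps through GITHUB_ENV.
    # NOTE(review): a multi-line script output would be parsed as additional
    # GITHUB_ENV entries; the scripts are presumably single-line -- confirm.
    # NOTE(review): this step, "Get run-test-stage" and "Get test-entrypoint"
    # run in `matrix.image` from the caller's job, while every other step uses
    # `inputs.workdir`. A caller without an `image` matrix key makes the
    # expression evaluate to an empty string -- confirm the coupling is
    # intended.
    - name: Get run-lint-stage
      shell: bash
      working-directory: ${{ matrix.image }}
      run: |
        repo_root="$(git rev-parse --show-toplevel)"
        echo "run-lint-stage=$("$repo_root/bin/run-lint-stage.sh")" >> "$GITHUB_ENV"

    - name: Check the Containerfile with hadolint
      if: env.run-lint-stage == 'true'
      shell: bash
      working-directory: ${{ inputs.workdir }}
      run: |
        "$(git rev-parse --show-toplevel)/bin/lint.sh"

    - name: Install QEMU static binaries
      uses: docker/setup-qemu-action@v3

    - name: Set up Docker Buildx
      id: buildx
      uses: docker/setup-buildx-action@v3

    - name: Get run-test-stage
      shell: bash
      working-directory: ${{ matrix.image }}
      run: |
        repo_root="$(git rev-parse --show-toplevel)"
        echo "run-test-stage=$("$repo_root/bin/run-test-stage.sh")" >> "$GITHUB_ENV"

    - name: Get test-entrypoint
      shell: bash
      working-directory: ${{ matrix.image }}
      run: |
        repo_root="$(git rev-parse --show-toplevel)"
        echo "test-entrypoint=$("$repo_root/bin/test-entrypoint.sh")" >> "$GITHUB_ENV"

    - name: Build locally for testing
      uses: docker/bake-action@v4
      if: env.run-test-stage == 'true'
      with:
        workdir: ${{ inputs.workdir }}
        targets: ${{ inputs.test-targets }}
        load: true

    # Gated like the local build above, so the tests never run against an
    # image that was not built. The input is compared as a string because
    # composite-action inputs are strings and a bare 'false' is truthy.
    - name: Run tests on the image with cinc-auditor
      if: env.run-test-stage == 'true' && inputs.run-test-stage == 'true'
      shell: bash
      working-directory: ${{ inputs.workdir }}
      env:
        # Caller-supplied values are handed over as environment variables
        # rather than expanded into the script text, so they are treated as
        # data and cannot introduce shell syntax.
        TEST_IMAGE: ${{ inputs.test-image }}
        TEST_ENTRYPOINT: ${{ env.test-entrypoint }}
      run: |
        repo_root="$(git rev-parse --show-toplevel)"
        # NOTE(review): the target name `local` is hard-coded here although
        # the build step honours inputs.test-targets -- confirm.
        json_data="$(docker buildx bake local --print 2>/dev/null)"
        test_image="$TEST_IMAGE"
        if [ -z "$test_image" ]; then
          # No explicit image: fall back to the first tag of the first target.
          test_image=$(echo "$json_data" | jq -r '.target | to_entries[0].value | .tags[0]')
        fi
        # The entrypoint is passed as one argument, and only when non-empty.
        "$repo_root/bin/test-matrix.sh" "$test_image" ${TEST_ENTRYPOINT:+"$TEST_ENTRYPOINT"}

    # Publishing is skipped only for the `pull_request` event. Every other
    # trigger of the calling workflow (pull_request_target and
    # workflow_dispatch included) logs in and pushes, so the caller should
    # restrict which events and branches reach this action with secrets.
    - name: Login to DockerHub
      if: ${{ github.event_name != 'pull_request' }}
      uses: docker/login-action@v3
      with:
        username: ${{ inputs.dockerhub-username }}
        password: ${{ inputs.dockerhub-password }}

    # Always builds; pushes only outside pull requests.
    - name: Build and push
      uses: docker/bake-action@v4
      with:
        workdir: ${{ inputs.workdir }}
        push: ${{ github.event_name != 'pull_request' }}

    - name: Get the image name
      if: ${{ github.event_name != 'pull_request' }}
      id: image_name
      shell: bash
      working-directory: ${{ inputs.workdir }}
      run: |
        repo_root="$(git rev-parse --show-toplevel)"
        echo "image_name=$("$repo_root/bin/image-name.sh")" >> "$GITHUB_ENV"

    - name: Get the image description
      if: ${{ github.event_name != 'pull_request' }}
      id: image_description
      shell: bash
      working-directory: ${{ inputs.workdir }}
      run: |
        repo_root="$(git rev-parse --show-toplevel)"
        echo "image_description=$("$repo_root/bin/image-description.sh")" >> "$GITHUB_ENV"

    - name: Get the image readme filepath
      if: ${{ github.event_name != 'pull_request' }}
      id: image_readme_filepath
      shell: bash
      working-directory: ${{ inputs.workdir }}
      run: |
        repo_root="$(git rev-parse --show-toplevel)"
        echo "image_readme_filepath=$("$repo_root/bin/image-readme.sh")" >> "$GITHUB_ENV"

    # Third-party action that receives the Docker Hub credentials.
    - name: Update Docker Hub Description
      if: ${{ github.event_name != 'pull_request' }}
      uses: peter-evans/dockerhub-description@v4
      with:
        username: ${{ inputs.dockerhub-username }}
        password: ${{ inputs.dockerhub-password }}
        repository: boxcutter/${{ env.image_name }}
        short-description: ${{ env.image_description }}
        readme-filepath: ${{ env.image_readme_filepath }}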