Skip to content

Update Alpine to 3.20.3 version to fix CVE-2024-6119 #463

Update Alpine to 3.20.3 version to fix CVE-2024-6119

Update Alpine to 3.20.3 version to fix CVE-2024-6119 #463

Workflow file for this run

name: CI
on:
push:
branches: ["main"]
tags: ["*"]
pull_request:
branches: ["main"]
schedule:
- cron: "0 13 * * 4"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
############
# Building #
############
build:
strategy:
fail-fast: false
matrix:
ver: ["1.6", "1.5"]
dist: ["apache", "fpm"]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: docker/setup-buildx-action@v3
- name: Verify Dockerfile is up-to-date
run: |
make codegen.dockerfile dir=${{ matrix.ver }}/${{ matrix.dist }}
git update-index --refresh
! git diff-index HEAD -- | grep '${{ matrix.ver }}/${{ matrix.dist }}'
- run: make docker.image no-cache=yes
DOCKERFILE=${{ matrix.ver }}/${{ matrix.dist }}
tag=build-${{ github.run_number }}
- run: make docker.tar to-file=.cache/image.tar
tags=build-${{ github.run_number }}
- uses: actions/upload-artifact@v4
with:
name: ${{ matrix.dist }}-${{ matrix.ver }}-${{ github.run_number }}
path: .cache/image.tar
retention-days: 1
###########
# Testing #
###########
test:
needs: ["build"]
strategy:
fail-fast: false
matrix:
ver: ["1.6", "1.5"]
dist: ["apache", "fpm"]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: make npm.install
- uses: actions/download-artifact@v4
with:
name: ${{ matrix.dist }}-${{ matrix.ver }}-${{ github.run_number }}
path: .cache/
- run: make docker.untar from-file=.cache/image.tar
- run: make test.docker
DOCKERFILE=${{ matrix.ver }}/${{ matrix.dist }}
tag=build-${{ github.run_number }}
#############
# Releasing #
#############
push:
if: ${{ github.event_name == 'push'
&& startsWith(github.ref, 'refs/tags/') }}
needs: ["build", "test"]
strategy:
fail-fast: false
max-parallel: 1
matrix:
registry: ["docker.io", "ghcr.io", "quay.io"]
dist: ["apache", "fpm"]
runs-on: ubuntu-latest
steps:
# Skip if this is fork and no credentials are provided.
- id: skip
run: echo "no=${{ !(
github.repository_owner != 'instrumentisto'
&& ((matrix.registry == 'quay.io'
&& secrets.QUAYIO_ROBOT_USER == '')
|| (matrix.registry == 'docker.io'
&& secrets.DOCKERHUB_BOT_USER == ''))
) }}" >> $GITHUB_OUTPUT
- uses: actions/checkout@v4
if: ${{ steps.skip.outputs.no == 'true' }}
- name: Parse semver versions from Git tag
id: semver
uses: actions-ecosystem/action-regex-match@v2
with:
text: ${{ github.ref }}
regex: '^refs/tags/((([0-9]+)\.[0-9]+)\.[0-9]+-(.+))$'
- name: Parse Docker image name from Git repository name
id: image
uses: actions-ecosystem/action-regex-match@v2
with:
text: ${{ github.repository }}
regex: '^${{ github.repository_owner }}/(.+)-docker-image$'
- uses: actions/download-artifact@v4
with:
name: ${{ matrix.dist }}-${{ steps.semver.outputs.group2 }}-${{ github.run_number }}
path: .cache/
if: ${{ steps.skip.outputs.no == 'true' }}
- run: make docker.untar from-file=.cache/image.tar
if: ${{ steps.skip.outputs.no == 'true' }}
- name: Login to ${{ matrix.registry }} container registry
uses: docker/login-action@v3
with:
registry: ${{ matrix.registry }}
username: ${{ (matrix.registry == 'docker.io'
&& secrets.DOCKERHUB_BOT_USER)
|| (matrix.registry == 'quay.io'
&& secrets.QUAYIO_ROBOT_USER)
|| github.repository_owner }}
password: ${{ (matrix.registry == 'docker.io'
&& secrets.DOCKERHUB_BOT_PASS)
|| (matrix.registry == 'quay.io'
&& secrets.QUAYIO_ROBOT_TOKEN)
|| secrets.GITHUB_TOKEN }}
if: ${{ steps.skip.outputs.no == 'true' }}
- run: make docker.tags of=build-${{ github.run_number }}
DOCKERFILE=${{ steps.semver.outputs.group2 }}/${{ matrix.dist }}
registries=${{ matrix.registry }}
if: ${{ steps.skip.outputs.no == 'true' }}
- run: make docker.push
DOCKERFILE=${{ steps.semver.outputs.group2 }}/${{ matrix.dist }}
registries=${{ matrix.registry }}
if: ${{ steps.skip.outputs.no == 'true' }}
# On GitHub Container Registry README is automatically updated on pushes.
- name: Update README on Docker Hub
uses: christian-korneck/update-container-description-action@v1
with:
provider: dockerhub
destination_container_repo: ${{ github.repository_owner }}/${{ steps.image.outputs.group1 }}
readme_file: README.md
env:
DOCKER_USER: ${{ secrets.DOCKERHUB_BOT_USER }}
DOCKER_PASS: ${{ secrets.DOCKERHUB_BOT_PASS }}
if: ${{ steps.skip.outputs.no == 'true'
&& matrix.registry == 'docker.io' }}
- name: Update README on Quay.io
uses: christian-korneck/update-container-description-action@v1
with:
provider: quay
destination_container_repo: ${{ matrix.registry }}/${{ github.repository_owner }}/${{ steps.image.outputs.group1 }}
readme_file: README.md
env:
DOCKER_APIKEY: ${{ secrets.QUAYIO_API_TOKEN }}
if: ${{ steps.skip.outputs.no == 'true'
&& matrix.registry == 'quay.io' }}
release-github:
name: release (GitHub)
if: ${{ github.event_name == 'push'
&& startsWith(github.ref, 'refs/tags/') }}
needs: ["push"]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Parse semver versions from Git tag
id: semver
uses: actions-ecosystem/action-regex-match@v2
with:
text: ${{ github.ref }}
regex: '^refs/tags/((([0-9]+)\.[0-9]+)\.[0-9]+-(.+))$'
- name: Parse CHANGELOG link
id: changelog
run: echo "link=${{ github.server_url }}/${{ github.repository }}/blob/${{ steps.semver.outputs.group1 }}/CHANGELOG.md#$(sed -n '/^## \[${{ steps.semver.outputs.group1 }}\]/{s/^## \[\(.*\)\][^0-9]*\([0-9].*\)/\1--\2/;s/[^0-9a-z-]*//g;p;}' CHANGELOG.md)"
>> $GITHUB_OUTPUT
- name: Create GitHub release
uses: softprops/action-gh-release@v2
with:
name: ${{ steps.semver.outputs.group1 }}
body: |
[Changelog](${{ steps.changelog.outputs.link }})