chore(deps): update nginx docker tag to v1.27.2 #507
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Image | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- v* | |
pull_request: | |
branches: | |
- main | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
env: | |
REPOSITORY: ${{ github.repository }} | |
PLATFORMS: linux/amd64,linux/arm/v7,linux/arm64 | |
steps: | |
# build image name | |
- name: Build image name | |
id: image-name | |
run: | | |
echo "::set-output name=image::${REPOSITORY//docker-/}" | |
# checkout | |
- uses: actions/checkout@v4 | |
# setup node | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: '20' | |
registry-url: 'https://registry.npmjs.org' | |
# setup qemu | |
- uses: docker/setup-qemu-action@v3 | |
with: | |
platforms: all | |
# setup docker metadata | |
- uses: docker/metadata-action@v5 | |
id: metadata | |
with: | |
images: | | |
ghcr.io/${{ steps.image-name.outputs.image }} | |
${{ steps.image-name.outputs.image }} | |
tags: | | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.0.') }} | |
type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }} | |
# setup docker buildx | |
- uses: docker/setup-buildx-action@v3 | |
id: buildx | |
with: | |
version: latest | |
install: true | |
# login to docker hub | |
- uses: docker/login-action@v3 | |
if: github.event_name != 'pull_request' | |
with: | |
username: ${{ secrets.DOCKER_USER }} | |
password: ${{ secrets.DOCKER_TOKEN }} | |
# login to github container registry | |
- uses: docker/login-action@v3 | |
if: github.event_name != 'pull_request' | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
# build & push image | |
- uses: docker/build-push-action@v6 | |
id: build | |
with: | |
builder: ${{ steps.buildx.outputs.name }} | |
platforms: ${{ env.PLATFORMS }} | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.metadata.outputs.tags }} | |
labels: ${{ steps.metadata.outputs.labels }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
# generate release notes | |
- name: Generate release notes | |
if: startsWith(github.ref, 'refs/tags/v') | |
id: changelog | |
run: | | |
npx standard-changelog -i /dev/null -o CHANGES.md | |
# create github release | |
- uses: ncipollo/release-action@v1 | |
if: startsWith(github.ref, 'refs/tags/v') | |
with: | |
tag: v${{ steps.metadata.outputs.version }} | |
name: Release v${{ steps.metadata.outputs.version }} | |
bodyFile: CHANGES.md | |
prerelease: ${{ steps.changelog.outputs.status == 'prereleased' }} | |
draft: ${{ steps.changelog.outputs.status == 'unreleased' }} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
artifacts: README.md,LICENSE.md | |
# output image digest | |
- name: Output image digest | |
run: | | |
echo ${{ steps.build.outputs.digest }} | |
scan: | |
name: Scan | |
runs-on: ubuntu-latest | |
steps: | |
# build image name | |
- name: Build image name | |
id: image-name | |
run: echo "::set-output name=image::${REPOSITORY//docker-/}" | |
env: | |
REPOSITORY: ${{ github.repository }} | |
# checkout | |
- uses: actions/checkout@v4 | |
# scan image | |
- uses: crazy-max/ghaction-container-scan@v3 | |
id: scan | |
with: | |
image: ${{ steps.image-name.outputs.image }}:latest | |
dockerfile: ./Dockerfile | |
annotations: true | |
# upload results file to github | |
- uses: github/codeql-action/upload-sarif@v3 | |
if: ${{ steps.scan.outputs.sarif != '' }} | |
with: | |
sarif_file: ${{ steps.scan.outputs.sarif }} |