-
Notifications
You must be signed in to change notification settings - Fork 472
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: convert line endings of GitHub Workflow to linux (#1002)
- Loading branch information
Showing
1 changed file
with
110 additions
and
110 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,110 +1,110 @@ | ||
| name: Docker image for Goss | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - master | ||
| tags: | ||
| - "v*" | ||
| workflow_dispatch: | ||
|
|
||
| env: | ||
| PLATFORMS: "linux/amd64,linux/arm64" | ||
|
|
||
| jobs: | ||
| goss: | ||
| name: Build and push Docker image | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| packages: write | ||
| contents: read | ||
| security-events: write # To upload Trivy sarif files | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v3 | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Login to GHCR | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.repository_owner }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Extract metadata (tags, labels) for Docker | ||
| id: meta | ||
| uses: docker/metadata-action@v5 | ||
| with: | ||
| images: | | ||
| ghcr.io/${{ github.repository_owner }}/goss | ||
| - name: Get latest git tag | ||
| if: github.ref_name == 'master' | ||
| id: get-latest-tag | ||
| run: | | ||
| # source: https://github.com/actions-ecosystem/action-get-latest-tag/blob/main/entrypoint.sh | ||
| set -e | ||
| git config --global --add safe.directory /github/workspace | ||
| git fetch --tags --force | ||
| # This suppress an error occurred when the repository is a complete one. | ||
| git fetch --prune --unshallow 2>/dev/null || true | ||
| latest_tag=$(git describe --abbrev=0 --tags || true) | ||
| echo "tag=${latest_tag}" >> "$GITHUB_OUTPUT" | ||
| echo "Latest tag: $latest_tag" | ||
| - name: Set short git commit SHA | ||
| if: github.ref_name == 'master' | ||
| run: | | ||
| calculatedSha=$(git rev-parse --short ${{ github.sha }}) | ||
| echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV | ||
| echo "COMMIT_SHORT_SHA: $calculatedSha" | ||
| - name: Get the current version of Go from project. | ||
| run: echo "GO_VERSION_FROM_PROJECT=$(go mod edit -json | jq -r .Go)" >> $GITHUB_ENV | ||
|
|
||
| - name: Build master goss image | ||
| if: github.ref_name == 'master' | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| build-args: | | ||
| GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }} | ||
| GOSS_VERSION=${{ steps.get-latest-tag.outputs.tag }}-${{ github.ref_name }}+${{ env.COMMIT_SHORT_SHA }} | ||
| context: . | ||
| push: true | ||
| tags: | | ||
| ghcr.io/${{ github.repository_owner }}/goss:master | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| platforms: ${{ env.PLATFORMS }} | ||
|
|
||
| - name: Build release goss image | ||
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| build-args: | | ||
| GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }} | ||
| GOSS_VERSION=${{ github.ref_name }} | ||
| context: . | ||
| push: true | ||
| tags: | | ||
| ghcr.io/${{ github.repository_owner }}/goss:latest | ||
| ghcr.io/${{ github.repository_owner }}/goss:${{ github.ref_name }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| platforms: ${{ env.PLATFORMS }} | ||
|
|
||
| - name: Run Trivy vulnerability scanner | ||
| uses: aquasecurity/[email protected] | ||
| with: | ||
| image-ref: ghcr.io/${{ github.repository_owner }}/goss:master | ||
| format: "sarif" | ||
| output: "trivy-results.sarif" | ||
|
|
||
| - name: Upload Trivy scan results to GitHub Security tab | ||
| uses: github/codeql-action/upload-sarif@v3 | ||
| with: | ||
| sarif_file: "trivy-results.sarif" | ||
| name: Docker image for Goss | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - master | ||
| tags: | ||
| - "v*" | ||
| workflow_dispatch: | ||
|
|
||
| env: | ||
| PLATFORMS: "linux/amd64,linux/arm64" | ||
|
|
||
| jobs: | ||
| goss: | ||
| name: Build and push Docker image | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| packages: write | ||
| contents: read | ||
| security-events: write # To upload Trivy sarif files | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v3 | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Login to GHCR | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.repository_owner }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Extract metadata (tags, labels) for Docker | ||
| id: meta | ||
| uses: docker/metadata-action@v5 | ||
| with: | ||
| images: | | ||
| ghcr.io/${{ github.repository_owner }}/goss | ||
| - name: Get latest git tag | ||
| if: github.ref_name == 'master' | ||
| id: get-latest-tag | ||
| run: | | ||
| # source: https://github.com/actions-ecosystem/action-get-latest-tag/blob/main/entrypoint.sh | ||
| set -e | ||
| git config --global --add safe.directory /github/workspace | ||
| git fetch --tags --force | ||
| # This suppress an error occurred when the repository is a complete one. | ||
| git fetch --prune --unshallow 2>/dev/null || true | ||
| latest_tag=$(git describe --abbrev=0 --tags || true) | ||
| echo "tag=${latest_tag}" >> "$GITHUB_OUTPUT" | ||
| echo "Latest tag: $latest_tag" | ||
| - name: Set short git commit SHA | ||
| if: github.ref_name == 'master' | ||
| run: | | ||
| calculatedSha=$(git rev-parse --short ${{ github.sha }}) | ||
| echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV | ||
| echo "COMMIT_SHORT_SHA: $calculatedSha" | ||
| - name: Get the current version of Go from project. | ||
| run: echo "GO_VERSION_FROM_PROJECT=$(go mod edit -json | jq -r .Go)" >> $GITHUB_ENV | ||
|
|
||
| - name: Build master goss image | ||
| if: github.ref_name == 'master' | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| build-args: | | ||
| GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }} | ||
| GOSS_VERSION=${{ steps.get-latest-tag.outputs.tag }}-${{ github.ref_name }}+${{ env.COMMIT_SHORT_SHA }} | ||
| context: . | ||
| push: true | ||
| tags: | | ||
| ghcr.io/${{ github.repository_owner }}/goss:master | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| platforms: ${{ env.PLATFORMS }} | ||
|
|
||
| - name: Build release goss image | ||
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| build-args: | | ||
| GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }} | ||
| GOSS_VERSION=${{ github.ref_name }} | ||
| context: . | ||
| push: true | ||
| tags: | | ||
| ghcr.io/${{ github.repository_owner }}/goss:latest | ||
| ghcr.io/${{ github.repository_owner }}/goss:${{ github.ref_name }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| platforms: ${{ env.PLATFORMS }} | ||
|
|
||
| - name: Run Trivy vulnerability scanner | ||
| uses: aquasecurity/[email protected] | ||
| with: | ||
| image-ref: ghcr.io/${{ github.repository_owner }}/goss:master | ||
| format: "sarif" | ||
| output: "trivy-results.sarif" | ||
|
|
||
| - name: Upload Trivy scan results to GitHub Security tab | ||
| uses: github/codeql-action/upload-sarif@v3 | ||
| with: | ||
| sarif_file: "trivy-results.sarif" |