Skip to content

Release Jumpbox

Release Jumpbox #25

Workflow file for this run

name: Release Jumpbox
on:
workflow_dispatch:
schedule:
- cron: "0 2 1 * *"
push:
branches:
- "main"
tags:
- "v*"
paths-ignore:
- "README.md"
- "example/**"
- "policy/**"
jobs:
validate-json:
name: Validate Authorized Keys JSON
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Validate JSON
run: jq . keys/authorized_keys.json > /dev/null
validate-users:
name: Validate Users
needs: validate-json
runs-on: ubuntu-latest
env:
Regex: ^[a-z_]([a-z0-9_-]{0,31}|[a-z0-9_-]{0,30}\$)$
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Validate Users
run: |
jq -r 'keys_unsorted[]' keys/authorized_keys.json | while read u; do
if [[ ! $u =~ ${Regex} ]]; then
echo "Username '"$u"' is not valid"
exit 1
fi
done
audit:
uses: ./.github/workflows/audit.yml
needs:
- validate-json
- validate-users
docker-release:
name: Docker Release
needs:
- validate-json
- validate-users
- audit
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup QEMU
uses: docker/setup-qemu-action@v2
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Container Metadata
id: metadata
uses: docker/metadata-action@v4
with:
images: |
ghcr.io/${{ github.repository_owner }}/jumpbox
flavor: |
latest=false
prefix=
suffix=
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=ref,event=branch
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
- name: Build and Push Container
uses: docker/build-push-action@v4
with:
context: .
file: build/Dockerfile
push: true
platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v6,linux/arm/v7
tags: ${{ steps.metadata.outputs.tags }}
labels: ${{ steps.metadata.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max