aboutsummaryrefslogtreecommitdiffstats
path: root/.gitea/workflows/release.yaml
diff options
context:
space:
mode:
Diffstat (limited to '.gitea/workflows/release.yaml')
-rw-r--r--.gitea/workflows/release.yaml93
1 files changed, 93 insertions, 0 deletions
diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml
new file mode 100644
index 0000000..8ec7333
--- /dev/null
+++ b/.gitea/workflows/release.yaml
@@ -0,0 +1,93 @@
+name: release
+
+on:
+ schedule:
+ - cron: '0 0 * * *'
+ push:
+ branches:
+ - master
+
+jobs:
+ release-default:
+ runs-on: ubuntu-latest
+ container:
+ image: gitea/runner-images:ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # all history for all branches and tags
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker BuildX
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to DockerHub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_REGISTRY_USER }}
+ password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+
+ - name: Check syntax docker
+ uses: hadolint/hadolint-action@v3.1.0
+ with:
+ dockerfile: Dockerfile
+ ignore: DL3013,DL3018
+
+ - name: Get Meta
+ id: meta
+ run: |
+ LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null)
+ COMMIT_HASH=$(git rev-parse --short HEAD)
+ TAG_AT_HEAD=$(git describe --tags --exact-match 2>/dev/null)
+ if [ -n "$TAG_AT_HEAD" ]; then
+ FINAL_VERSION=${TAG_AT_HEAD#v}
+ else
+ if [ -z "$LATEST_TAG" ]; then
+ FINAL_VERSION=$COMMIT_HASH
+ else
+ FINAL_VERSION="${LATEST_TAG#v}-g${COMMIT_HASH}"
+ fi
+ fi
+ echo "IMAGE_VERSION=${FINAL_VERSION}" >> $GITHUB_OUTPUT
+
+ - name: Build Docker image
+ id: build-image
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ file: Dockerfile
+ platforms: |
+ linux/amd64
+ linux/386
+ push: false
+ no-cache: true
+ tags: |
+ ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:latest
+ ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:v${{ steps.meta.outputs.IMAGE_VERSION }}
+
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:latest
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ vuln-type: 'os'
+ severity: 'CRITICAL,HIGH'
+
+ - name: Push Docker image
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ file: Dockerfile
+ platforms: |
+ linux/amd64
+ linux/386
+ push: true
+ no-cache: false
+ tags: |
+ ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:latest
+ ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:v${{ steps.meta.outputs.IMAGE_VERSION }}