-rw-r--r-- | .gitea/workflows/release.yaml | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml
new file mode 100644
index 0000000..8ec7333
--- /dev/null
+++ b/.gitea/workflows/release.yaml
@@ -0,0 +1,93 @@
+name: release
+
+on:
+ schedule:
+ - cron: '0 0 * * *'
+ push:
+ branches:
+ - master
+
+jobs:
+ release-default:
+ runs-on: ubuntu-latest
+ container:
+ image: gitea/runner-images:ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # all history for all branches and tags
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker BuildX
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to DockerHub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_REGISTRY_USER }}
+ password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+
+ - name: Check syntax docker
+ uses: hadolint/hadolint-action@v3.1.0
+ with:
+ dockerfile: Dockerfile
+ ignore: DL3013,DL3018
+
+ - name: Get Meta
+ id: meta
+ run: |
+ LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null)
+ COMMIT_HASH=$(git rev-parse --short HEAD)
+ TAG_AT_HEAD=$(git describe --tags --exact-match 2>/dev/null)
+ if [ -n "$TAG_AT_HEAD" ]; then
+ FINAL_VERSION=${TAG_AT_HEAD#v}
+ else
+ if [ -z "$LATEST_TAG" ]; then
+ FINAL_VERSION=$COMMIT_HASH
+ else
+ FINAL_VERSION="${LATEST_TAG#v}-g${COMMIT_HASH}"
+ fi
+ fi
+ echo "IMAGE_VERSION=${FINAL_VERSION}" >> $GITHUB_OUTPUT
+
+ - name: Build Docker image
+ id: build-image
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ file: Dockerfile
+ platforms: |
+ linux/amd64
+ linux/386
+ push: false
+ no-cache: true
+ tags: |
+ ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:latest
+ ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:v${{ steps.meta.outputs.IMAGE_VERSION }}
+
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:latest
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ vuln-type: 'os'
+ severity: 'CRITICAL,HIGH'
+
+ - name: Push Docker image
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ file: Dockerfile
+ platforms: |
+ linux/amd64
+ linux/386
+ push: true
+ no-cache: false
+ tags: |
+ ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:latest
+ ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:v${{ steps.meta.outputs.IMAGE_VERSION }}
|
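Review bot: The Trivy gate in `image-ref: ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:latest` most likely does not examine the image just built: the preceding build step runs with `push: false` and no `load: true` (a two-platform build cannot be loaded into the local daemon anyway), so with the buildx driver the tag is not present locally and the scanner would pull the previously published `:latest` from the registry, and the final step then rebuilds and pushes an artifact that was never scanned. Scanning and pushing the same artifact needs a restructuring — for example build the scan candidate with `platforms: linux/amd64` and `load: true` so `image-ref` resolves locally, or push to a staging tag and scan/promote by digest — and the linux/386 variant needs its own scan either way. `aquasecurity/trivy-action@master` tracks a mutable branch of a third-party repository, so every scheduled run can pick up unreviewed changes to the gate; pin it to a release tag or, better, a commit SHA, the way `hadolint/hadolint-action@v3.1.0` is at least tag-pinned. Using `secrets.DOCKER_REGISTRY_USER` as the image namespace in `tags` and `image-ref` also means the runner's secret masking redacts the tag names in the job log; a plain variable for the registry user would keep secret scope to the password.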