Diffstat (limited to '.gitea')
-rw-r--r-- | .gitea/workflows/git-sync.yaml | 3 | ||||
-rw-r--r-- | .gitea/workflows/release.yaml | 29 |
2 files changed, 16 insertions, 16 deletions
diff --git a/.gitea/workflows/git-sync.yaml b/.gitea/workflows/git-sync.yaml index 0dfad3f..3af5dcd 100644 --- a/.gitea/workflows/git-sync.yaml +++ b/.gitea/workflows/git-sync.yaml @@ -10,6 +10,9 @@ jobs: runs-on: ubuntu-latest steps: + - name: Collect Workflow Telemetry + uses: catchpoint/workflow-telemetry-action@v2 + - name: git-sync env: git_sync_source_repo: git@git.fridu.us:heckyel/yt-local-docker.git diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml index d580c5b..12e6b1f 100644 --- a/.gitea/workflows/release.yaml +++ b/.gitea/workflows/release.yaml @@ -10,12 +10,13 @@ on: jobs: release-default: runs-on: ubuntu-latest - container: - image: gitea/runner-images:ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 + - name: Extract YT_BRANCH version + run: echo "VERSION=$(grep -oP 'ARG YT_BRANCH="\K[^"]+' core/Dockerfile)" >> $GITHUB_ENV + - name: Set up QEMU uses: docker/setup-qemu-action@v3 @@ -40,26 +41,24 @@ jobs: with: context: core file: core/Dockerfile - platforms: | - linux/amd64 - linux/arm/v7 - linux/arm64 - linux/386 push: false + platforms: linux/amd64 # load not supported for multi-platform builds no-cache: true + load: true # load is required to use the image in analyze trivy step tags: | ${{ secrets.DOCKER_REGISTRY_USER}}/yt-local:latest - ${{ secrets.DOCKER_REGISTRY_USER}}/yt-local:v0.2.19 + ${{ secrets.DOCKER_REGISTRY_USER}}/yt-local:${{ env.VERSION }} - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master + uses: astounds/trivy-action@v1 with: - image-ref: ${{ secrets.DOCKER_REGISTRY_USER}}/yt-local:latest + image: ${{ secrets.DOCKER_REGISTRY_USER}}/yt-local:latest + severity: 'CRITICAL,HIGH' + pkg-types: 'os' format: 'table' - exit-code: '1' ignore-unfixed: true - vuln-type: 'os' - severity: 'CRITICAL,HIGH' + exit-code: '1' + version: 'v0.58.2' - name: Push Docker image uses: docker/build-push-action@v6 
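Review bot: The added `catchpoint/workflow-telemetry-action@v2` step is referenced by a mutable tag and runs first in a job whose next step syncs over SSH (`git_sync_source_repo: git@git.fridu.us:...`), so whatever that tag resolves to at run time executes on the same runner as the sync credentials; the key handling is outside the hunk, so that part is inferred. Pin it to a reviewed commit, for example `uses: catchpoint/workflow-telemetry-action@<full-commit-sha>  # v2`. The same applies to `astounds/trivy-action@v1` introduced in release.yaml, which runs in the job that later pushes to the registry. If the telemetry is only needed for debugging, it is safer to keep it out of the credentialed job.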
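Review bot: The `Extract YT_BRANCH version` step appends whatever grep prints to `$GITHUB_ENV` with no check. No match leaves `VERSION` empty, so the later tag renders as `yt-local:`, and more than one match writes extra lines into the environment file. Take the first match and fail early, as a `run: |` block: `VERSION=$(grep -m1 -oP 'ARG YT_BRANCH="\K[^"]+' core/Dockerfile)`, `[ -n "$VERSION" ] || { echo "YT_BRANCH not found" >&2; exit 1; }`, `echo "VERSION=$VERSION" >> "$GITHUB_ENV"`. Quoting `"$GITHUB_ENV"` also avoids word splitting on the path.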
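Review bot: With `platforms: linux/amd64` and `load: true`, the Trivy gate now covers only the locally loaded amd64 image, while the `Push Docker image` step (which continues in the next hunk) builds again for `linux/amd64` and `linux/arm64` with `no-cache: false`. The published arm64 image is therefore never scanned, and the pushed amd64 image is a second build rather than the scanned artifact. Either record the limitation above the build step, e.g. `# scan gate covers linux/amd64 only; arm64 is pushed unscanned`, or scan the pushed tags by digest after the push. Separately, `pkg-types: 'os'` appears to restrict the gate to OS packages, as `vuln-type: 'os'` did before, so application-level dependencies in the image are not checked by this step.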
@@ -68,11 +67,9 @@ jobs: file: core/Dockerfile platforms: | linux/amd64 - linux/arm/v7 linux/arm64 - linux/386 push: true no-cache: false tags: | ${{ secrets.DOCKER_REGISTRY_USER}}/yt-local:latest - ${{ secrets.DOCKER_REGISTRY_USER}}/yt-local:v0.2.19 + ${{ secrets.DOCKER_REGISTRY_USER}}/yt-local:${{ env.VERSION }} |