Merge pull request #43 from pascaliske/renovate/standard-changelog-6.x #124
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Image | |
| on: | |
| push: | |
| branches: | |
| - master | |
| tags: | |
| - v* | |
| pull_request: | |
| branches: | |
| - master | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| env: | |
| REPOSITORY: ${{ github.repository }} | |
| PLATFORMS: linux/amd64,linux/arm/v7,linux/arm64 | |
| steps: | |
| # build image name | |
| - name: Build image name | |
| id: image-name | |
| run: | | |
| echo "::set-output name=image::${REPOSITORY//docker-/}" | |
| # checkout | |
| - uses: actions/checkout@v4 | |
| # setup node | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '16' | |
| registry-url: 'https://registry.npmjs.org' | |
| # setup qemu | |
| - uses: docker/setup-qemu-action@v3 | |
| with: | |
| platforms: all | |
| # setup docker metadata | |
| - uses: docker/metadata-action@v5 | |
| id: metadata | |
| with: | |
| images: | | |
| ghcr.io/${{ steps.image-name.outputs.image }} | |
| ${{ steps.image-name.outputs.image }} | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.0.') }} | |
| type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }} | |
| # setup docker buildx | |
| - uses: docker/setup-buildx-action@v3 | |
| id: buildx | |
| with: | |
| version: latest | |
| install: true | |
| # login to docker hub | |
| - uses: docker/login-action@v3 | |
| if: github.event_name != 'pull_request' | |
| with: | |
| username: ${{ secrets.DOCKER_USER }} | |
| password: ${{ secrets.DOCKER_TOKEN }} | |
| # login to github container registry | |
| - uses: docker/login-action@v3 | |
| if: github.event_name != 'pull_request' | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # build & push image | |
| - uses: docker/build-push-action@v5 | |
| id: build | |
| with: | |
| builder: ${{ steps.buildx.outputs.name }} | |
| platforms: ${{ env.PLATFORMS }} | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.metadata.outputs.tags }} | |
| labels: ${{ steps.metadata.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # generate release notes | |
| - name: Generate release notes | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| id: changelog | |
| run: | | |
| npx standard-changelog -i /dev/null -o CHANGES.md | |
| # create github release | |
| - uses: ncipollo/release-action@v1 | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| with: | |
| tag: v${{ steps.metadata.outputs.version }} | |
| name: Release v${{ steps.metadata.outputs.version }} | |
| bodyFile: CHANGES.md | |
| prerelease: ${{ steps.changelog.outputs.status == 'prereleased' }} | |
| draft: ${{ steps.changelog.outputs.status == 'unreleased' }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| artifacts: README.md,LICENSE.md | |
| # output image digest | |
| - name: Output image digest | |
| run: | | |
| echo ${{ steps.build.outputs.digest }} | |
| scan: | |
| name: Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| # build image name | |
| - name: Build image name | |
| id: image-name | |
| run: echo "::set-output name=image::${REPOSITORY//docker-/}" | |
| env: | |
| REPOSITORY: ${{ github.repository }} | |
| # checkout | |
| - uses: actions/checkout@v4 | |
| # scan image | |
| - uses: crazy-max/ghaction-container-scan@v3 | |
| id: scan | |
| with: | |
| image: ${{ steps.image-name.outputs.image }}:latest | |
| dockerfile: ./Dockerfile | |
| annotations: true | |
| # upload results file to github | |
| - uses: github/codeql-action/upload-sarif@v3 | |
| if: ${{ steps.scan.outputs.sarif != '' }} | |
| with: | |
| sarif_file: ${{ steps.scan.outputs.sarif }} |