From 289fa23728f6d3f0facc06d83536d3080a6cedc4 Mon Sep 17 00:00:00 2001 From: Daan Selen Date: Mon, 16 Jun 2025 14:27:12 +0200 Subject: [PATCH 1/4] streamline --- .github/workflows/docker.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index e2f1581..74e0acb 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -22,10 +22,6 @@ jobs: strategy: fail-fast: false steps: - - name: Generate a shorter Git commit sha. - id: gen_short_sha - run: echo "SHORT_SHA=${GITHUB_SHA::8}" >> $GITHUB_ENV - - name: Checkout repository uses: actions/checkout@v4 @@ -64,10 +60,6 @@ jobs: tags: | type=ref,event=branch type=ref,event=tag - type=raw,value=${{ env.SHORT_SHA }} - - - name: Print a message - run: echo "${{ steps.meta.outputs.tags }}" - name: Build and export (multi-arch) uses: docker/build-push-action@v6 From a5e18cb76142027b013fedfd88001c3afaf99945 Mon Sep 17 00:00:00 2001 From: Daan Selen Date: Mon, 16 Jun 2025 14:41:02 +0200 Subject: [PATCH 2/4] del pr running --- .github/workflows/docker.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 74e0acb..06c6002 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -9,7 +9,6 @@ on: - '*' release: types: [ published ] - pull_request: env: DOCKERHUB_PREFIX: docker.io From 8a380a45456acfaa73dd5321093c289337f686ff Mon Sep 17 00:00:00 2001 From: Daan Selen Date: Tue, 3 Jun 2025 15:17:36 +0200 Subject: [PATCH 3/4] Separated tasks (again) and separate builds --- .github/workflows/docker-build.yml | 86 ++++++++++++++++++++++++++++++ .github/workflows/docker-scan.yml | 37 +++++++++++++ 2 files changed, 123 insertions(+) create mode 100644 .github/workflows/docker-build.yml create mode 100644 .github/workflows/docker-scan.yml diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml new file mode 100644 index 0000000..d5d8c73 --- /dev/null +++ b/.github/workflows/docker-build.yml @@ -0,0 +1,86 @@ +name: Docker Build and Push + +on: + push: + branches: [main] + workflow_dispatch: + inputs: + trigger-build: + description: 'Trigger a manual build and push' + required: true + default: 'true' + +env: + DOCKER_HUB_PREFIX: docker.io + GHCR_PREFIX: ghcr.io + DOCKER_IMAGE: donaldzou/wgdashboard + +jobs: + docker_build: + runs-on: ubuntu-latest + strategy: + fail-fast: false + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Log in to Docker Hub + uses: docker/login-action@v3 + with: + registry: ${{ env.DOCKER_HUB_PREFIX }} + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_PASSWORD }} + + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ${{ env.GHCR_PREFIX }} + username: ${{ github.actor }} + password: ${{ secrets.GHCR_TOKEN }} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + with: + platforms: linux/amd64,linux/arm64,linux/arm/v7 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Extract metadata (tags, labels) + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ${{ env.DOCKER_HUB_PREFIX }}/${{ env.DOCKER_IMAGE }} + ${{ env.GHCR_PREFIX }}/${{ env.DOCKER_IMAGE }} + + - name: Build and export (multi-arch) + uses: docker/build-push-action@v6 + with: + context: . + file: ./docker/Dockerfile + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + platforms: linux/amd64,linux/arm64,linux/arm/v7 + + - name: Docker Scout CVEs + uses: docker/scout-action@v1 + with: + command: cves + image: ${{ steps.meta.outputs.tags }} + only-severities: critical,high + only-fixed: true + write-comment: true + github-token: ${{ secrets.GITHUB_TOKEN }} + exit-code: true + + - name: Docker Scout Compare + uses: docker/scout-action@v1 + with: + command: compare + image: ${{ env.DOCKER_HUB_PREFIX }}/${{ env.DOCKER_IMAGE }}:nightly + to: ${{ env.DOCKER_HUB_PREFIX }}/${{ env.DOCKER_IMAGE }}:latest + only-severities: critical,high + ignore-unchanged: true + github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/docker-scan.yml b/.github/workflows/docker-scan.yml new file mode 100644 index 0000000..33a5ae3 --- /dev/null +++ b/.github/workflows/docker-scan.yml @@ -0,0 +1,37 @@ +name: Docker Scan + +on: + workflow_dispatch: + inputs: + trigger-scan: + description: 'Trigger a manual scan' + required: true + default: 'true' + +env: + DOCKER_IMAGE: donaldzou/wgdashboard + +jobs: + docker_scan: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Log in to Docker Hub + uses: docker/login-action@v3 + with: + registry: docker.io + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_PASSWORD }} + + - name: Docker Scout CVEs + uses: docker/scout-action@v1 + with: + command: cves + image: ${{ env.DOCKER_IMAGE }}:nightly + only-severities: critical,high + only-fixed: true + write-comment: true + github-token: ${{ secrets.GITHUB_TOKEN }} + exit-code: true From 87069329d82d046e9e8fb115180bcb79117a0c83 Mon Sep 17 00:00:00 2001 From: Daan Selen Date: Mon, 16 Jun 2025 14:45:23 +0200 Subject: [PATCH 4/4] Where do these come from? --- .github/workflows/docker-build.yml | 86 ------------------------------ .github/workflows/docker-scan.yml | 37 ------------- 2 files changed, 123 deletions(-) delete mode 100644 .github/workflows/docker-build.yml delete mode 100644 .github/workflows/docker-scan.yml diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml deleted file mode 100644 index d5d8c73..0000000 --- a/.github/workflows/docker-build.yml +++ /dev/null @@ -1,86 +0,0 @@ -name: Docker Build and Push - -on: - push: - branches: [main] - workflow_dispatch: - inputs: - trigger-build: - description: 'Trigger a manual build and push' - required: true - default: 'true' - -env: - DOCKER_HUB_PREFIX: docker.io - GHCR_PREFIX: ghcr.io - DOCKER_IMAGE: donaldzou/wgdashboard - -jobs: - docker_build: - runs-on: ubuntu-latest - strategy: - fail-fast: false - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Log in to Docker Hub - uses: docker/login-action@v3 - with: - registry: ${{ env.DOCKER_HUB_PREFIX }} - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_PASSWORD }} - - - name: Log in to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ${{ env.GHCR_PREFIX }} - username: ${{ github.actor }} - password: ${{ secrets.GHCR_TOKEN }} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - platforms: linux/amd64,linux/arm64,linux/arm/v7 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Extract metadata (tags, labels) - id: meta - uses: docker/metadata-action@v5 - with: - images: | - ${{ env.DOCKER_HUB_PREFIX }}/${{ env.DOCKER_IMAGE }} - ${{ env.GHCR_PREFIX }}/${{ env.DOCKER_IMAGE }} - - - name: Build and export (multi-arch) - uses: docker/build-push-action@v6 - with: - context: . - file: ./docker/Dockerfile - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - platforms: linux/amd64,linux/arm64,linux/arm/v7 - - - name: Docker Scout CVEs - uses: docker/scout-action@v1 - with: - command: cves - image: ${{ steps.meta.outputs.tags }} - only-severities: critical,high - only-fixed: true - write-comment: true - github-token: ${{ secrets.GITHUB_TOKEN }} - exit-code: true - - - name: Docker Scout Compare - uses: docker/scout-action@v1 - with: - command: compare - image: ${{ env.DOCKER_HUB_PREFIX }}/${{ env.DOCKER_IMAGE }}:nightly - to: ${{ env.DOCKER_HUB_PREFIX }}/${{ env.DOCKER_IMAGE }}:latest - only-severities: critical,high - ignore-unchanged: true - github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/docker-scan.yml b/.github/workflows/docker-scan.yml deleted file mode 100644 index 33a5ae3..0000000 --- a/.github/workflows/docker-scan.yml +++ /dev/null @@ -1,37 +0,0 @@ -name: Docker Scan - -on: - workflow_dispatch: - inputs: - trigger-scan: - description: 'Trigger a manual scan' - required: true - default: 'true' - -env: - DOCKER_IMAGE: donaldzou/wgdashboard - -jobs: - docker_scan: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Log in to Docker Hub - uses: docker/login-action@v3 - with: - registry: docker.io - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_PASSWORD }} - - - name: Docker Scout CVEs - uses: docker/scout-action@v1 - with: - command: cves - image: ${{ env.DOCKER_IMAGE }}:nightly - only-severities: critical,high - only-fixed: true - write-comment: true - github-token: ${{ secrets.GITHUB_TOKEN }} - exit-code: true