From cad364e4072b70bff782f4f4dd0018d874a77887 Mon Sep 17 00:00:00 2001 From: DaanSelen <80752476+DaanSelen@users.noreply.github.com> Date: Wed, 4 Jun 2025 11:01:38 +0200 Subject: [PATCH 1/4] Update docker-build.yml Pulled out the action docs this time... --- .github/workflows/docker-build.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index b675933..b2bcbc2 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -46,18 +46,13 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Extract metadata (tags, labels) + - name: Docker meta by docs https://github.com/docker/metadata-action id: meta uses: docker/metadata-action@v5 with: images: | ${{ env.DOCKER_HUB_PREFIX }}/${{ env.DOCKER_IMAGE }} ${{ env.GHCR_PREFIX }}/${{ env.DOCKER_IMAGE }} - tags: | - type=semver,pattern={{version}} - type=semver,pattern=latest,enable={{is_tag}} - type=raw,value=main,enable={{ github.event_name == 'push' && is_default_branch }} - type=raw,value=nightly,enable={{ github.event_name == 'push' && is_default_branch }} - name: Build and export (multi-arch) uses: docker/build-push-action@v6 From 585bf37783c542bb9cb704d0d3217b983ea700f8 Mon Sep 17 00:00:00 2001 From: Daan Selen Date: Wed, 4 Jun 2025 13:04:17 +0200 Subject: [PATCH 2/4] THIS SHOULD BE WORKING --- .github/workflows/codeql-analyze.yaml | 1 + .github/workflows/docker-build.yml | 90 --------------------------- .gitignore | 1 + 3 files changed, 2 insertions(+), 90 deletions(-) delete mode 100644 .github/workflows/docker-build.yml diff --git a/.github/workflows/codeql-analyze.yaml b/.github/workflows/codeql-analyze.yaml index 18796f2..54d3b7e 100644 --- a/.github/workflows/codeql-analyze.yaml +++ b/.github/workflows/codeql-analyze.yaml @@ -12,6 +12,7 @@ name: "CodeQL" on: + workflow_dispatch: push: branches: [ main ] pull_request: 
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml deleted file mode 100644 index b2bcbc2..0000000 --- a/.github/workflows/docker-build.yml +++ /dev/null 
@@ -1,90 +0,0 @@ -name: Docker Build and Push - -on: - push: - branches: [main] - workflow_dispatch: - inputs: - trigger-build: - description: 'Trigger a manual build and push' - required: true - default: 'true' - -env: - DOCKER_HUB_PREFIX: docker.io - GHCR_PREFIX: ghcr.io - DOCKER_IMAGE: donaldzou/wgdashboard - -jobs: - docker_build: - runs-on: ubuntu-latest - strategy: - fail-fast: false - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Log in to Docker Hub - uses: docker/login-action@v3 - with: - registry: ${{ env.DOCKER_HUB_PREFIX }} - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_PASSWORD }} - - - name: Log in to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ${{ env.GHCR_PREFIX }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - platforms: linux/amd64,linux/arm64,linux/arm/v7 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Docker meta by docs https://github.com/docker/metadata-action - id: meta - uses: docker/metadata-action@v5 - with: - images: | - ${{ env.DOCKER_HUB_PREFIX }}/${{ env.DOCKER_IMAGE }} - ${{ env.GHCR_PREFIX }}/${{ env.DOCKER_IMAGE }} - - - name: Build and export (multi-arch) - uses: docker/build-push-action@v6 - with: - context: . 
- file: ./docker/Dockerfile - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - platforms: linux/amd64,linux/arm64,linux/arm/v7 - - docker_scan: - runs-on: ubuntu-latest - needs: docker_build - steps: - - name: Docker Scout CVEs - uses: docker/scout-action@v1 - with: - command: cves - image: ${{ env.GHCR_PREFIX }}/${{ env.DOCKER_IMAGE }}:nightly - only-severities: critical,high - only-fixed: true - write-comment: true - github-token: ${{ secrets.GITHUB_TOKEN }} - exit-code: true - - - name: Docker Scout Compare - uses: docker/scout-action@v1 - with: - command: compare - image: ${{ env.GHCR_PREFIX }}/${{ env.DOCKER_IMAGE }}:nightly - to: ${{ env.GHCR_PREFIX }}/${{ env.DOCKER_IMAGE }}:latest - only-severities: critical,high - ignore-unchanged: true - github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.gitignore b/.gitignore index 8461e6a..df24dc4 100644 --- a/.gitignore +++ b/.gitignore @@ -18,6 +18,7 @@ src/db/wgdashboard.db node_modules/** */proxy.js src/static/app/proxy.js +.secrets # Logs logs From 532fedbb628737ed44c02e8aec6c4fa5e5e4d8f6 Mon Sep 17 00:00:00 2001 From: Daan Selen Date: Wed, 4 Jun 2025 13:05:35 +0200 Subject: [PATCH 3/4] Adding file --- .github/workflows/docker.yml | 108 +++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 .github/workflows/docker.yml diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 0000000..38eac93 --- /dev/null +++ b/.github/workflows/docker.yml 
@@ -0,0 +1,108 @@ +name: Docker Build and Push + +on: + workflow_dispatch: + push: + branches: + - 'main' + tags: + - 'v*' + pull_request: + branches: + - 'main' + +env: + DOCKERHUB_PREFIX: docker.io + GITHUB_CONTAINER_PREFIX: ghcr.io + DOCKER_IMAGE: donaldzou/wgdashboard + +jobs: + docker_build: + runs-on: ubuntu-latest + strategy: + fail-fast: false + steps: + - name: Generate a shorter Git commit sha. + id: gen)short_sha + run: echo "SHORT_SHA=${GITHUB_SHA::8}" >> $GITHUB_ENV + + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Log in to Docker Hub + uses: docker/login-action@v3 + with: + registry: ${{ env.DOCKERHUB_PREFIX }} + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_PASSWORD }} + + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ${{ env.GITHUB_CONTAINER_PREFIX }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + with: + platforms: | + - linux/amd64 + - linux/arm64 + - linux/arm/v7 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Docker meta by docs https://github.com/docker/metadata-action + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ${{ env.DOCKERHUB_PREFIX }}/${{ env.DOCKER_IMAGE }} + ${{ env.GITHUB_CONTAINER_PREFIX }}/${{ env.DOCKER_IMAGE }} + tags: | + type=ref,event=branch,format={{ref_name}} + type=raw,value=${{ env.SHORT_SHA }} + + type=semver,pattern={{version}} + type=semver,pattern=latest + + - name: Print a message + run: echo "${{ steps.meta.outputs.tags }}" + + - name: Build and export (multi-arch) + uses: docker/build-push-action@v6 + with: + context: . 
+ file: ./docker/Dockerfile + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + platforms: linux/amd64,linux/arm64,linux/arm/v7 + + docker_scan: + runs-on: ubuntu-latest + needs: docker_build + steps: + - name: Docker Scout CVEs + uses: docker/scout-action@v1 + with: + command: cves + image: ${{ env.GITHUB_CONTAINER_PREFIX }}/${{ env.DOCKER_IMAGE }}:nightly + only-severities: critical,high + only-fixed: true + write-comment: true + github-token: ${{ secrets.GITHUB_TOKEN }} + exit-code: true + + - name: Docker Scout Compare + uses: docker/scout-action@v1 + with: + command: compare + # Set to Github for maximum compat + image: ${{ env.GITHUB_CONTAINER_PREFIX }}/${{ env.DOCKER_IMAGE }}:main + to: ${{ env.GITHUB_CONTAINER_PREFIX }}/${{ env.DOCKER_IMAGE }}:latest + only-severities: critical,high + ignore-unchanged: true + github-token: ${{ secrets.GITHUB_TOKEN }} From 43070ab809efe9be20f00d27e364429e11624b0d Mon Sep 17 00:00:00 2001 From: Daan Selen Date: Wed, 4 Jun 2025 13:14:03 +0200 Subject: [PATCH 4/4] Syntax fix --- .github/workflows/docker.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 38eac93..ad6e2c1 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -23,7 +23,7 @@ jobs: fail-fast: false steps: - name: Generate a shorter Git commit sha. - id: gen)short_sha + id: gen_short_sha run: echo "SHORT_SHA=${GITHUB_SHA::8}" >> $GITHUB_ENV - name: Checkout repository @@ -55,7 +55,7 @@ jobs: uses: docker/setup-buildx-action@v3 - name: Docker meta by docs https://github.com/docker/metadata-action - id: meta + id: metadata uses: docker/metadata-action@v5 with: images: | 
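Review bot: The two `docker/login-action@v3` steps in `docker_build` run on every trigger, including the newly added `pull_request` one, so PR builds authenticate with the Docker Hub and GHCR credentials even though `push:` is already disabled for that event. Pull requests from forks receive no repository secrets, so those runs will most likely fail at the Docker Hub login instead of building. Adding `if: github.event_name != 'pull_request'` to both login steps keeps registry credentials out of PR runs and mirrors the existing `push:` condition. The workflow also declares no `permissions:`, so the `GITHUB_TOKEN` scope depends on the repository default; a block on `docker_build` such as `permissions: { contents: read, packages: write }` would pin it to what the job needs.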
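Review bot: Renaming the step to `id: metadata` leaves the references added in patch 3 as `steps.meta.outputs.tags` and `steps.meta.outputs.labels` untouched; they sit in the "Print a message" step and in the `tags:`/`labels:` inputs of `docker/build-push-action@v6`, and no hunk in this commit updates them. A step id that does not exist evaluates to an empty string in Actions expressions, so the build would run with no tags and no labels, and the registry tag that `docker_scan` reads would not be refreshed by the run. Either keep `id: meta` or change the three references, e.g. `tags: ${{ steps.metadata.outputs.tags }}` and `labels: ${{ steps.metadata.outputs.labels }}`. The step continues past the end of this hunk.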
@@ -64,8 +64,7 @@ jobs: tags: | type=ref,event=branch,format={{ref_name}} type=raw,value=${{ env.SHORT_SHA }} - - type=semver,pattern={{version}} + type=semver,pattern={{ version }} type=semver,pattern=latest - name: Print a message @@ -89,7 +88,7 @@ jobs: uses: docker/scout-action@v1 with: command: cves - image: ${{ env.GITHUB_CONTAINER_PREFIX }}/${{ env.DOCKER_IMAGE }}:nightly + image: ${{ env.GITHUB_CONTAINER_PREFIX }}/${{ env.DOCKER_IMAGE }}:main only-severities: critical,high only-fixed: true write-comment: true
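Review bot: The `docker_scan` job still has no event condition, so the `:main` image named in the last hunk is what gets scanned on `pull_request` runs (where `push` is false) and on `v*` tag pushes, not the image that run just built. With `write-comment: true` and `exit-code: true` the findings for the previously published `:main` image are posted on, and can fail, a PR whose own image was never scanned. Consider gating the job with `if: github.event_name != 'pull_request'`, or scanning a tag that the current run actually pushed. The job definition starts outside this hunk.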