apps/scratch-cloudvars-server
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

feat: update ci/cd, migrate to zot container registry
Some checks failed
Lint, Build, Scan and Publish Docker Image / build-and-push (push) Failing after 1m44s
Details

Browse Source
This commit is contained in:
Arne Baeumler
2026-01-25 20:35:30 +01:00
parent 6c4613d899
commit 8b454dfb37
1 changed files with 28 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
.gitea/workflows/publish-docker.yml
View File

@@ -14,28 +14,35 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: install Trivy Security scanner # - name: install Trivy Security scanner
run: | # run: |
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin # curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
#
- name: Lint & Format Check python code with ruff # - name: Lint & Format Check python code with ruff
uses: astral-sh/ruff-action@v3 # uses: astral-sh/ruff-action@v3
#
- name: Lint Dockerfile (Hadolint) # - name: Lint Dockerfile (Hadolint)
uses: hadolint/hadolint-action@v3.1.0 # uses: hadolint/hadolint-action@v3.1.0
with: # with:
dockerfile: Dockerfile # dockerfile: Dockerfile
#
- name: Security Lint Dockerfile (Trivy) # - name: Security Lint Dockerfile (Trivy)
run: | # run: |
trivy config --exit-code 1 --severity CRITICAL,HIGH . # trivy config --exit-code 1 --severity CRITICAL,HIGH .
#
# - name: Log in to Gitea Container Registry
# uses: docker/login-action@v3
# with:
# registry: git.br0tkasten.de
# username: ${{ secrets.PACKAGE_USER }}
# password: ${{ secrets.PACKAGE_TOKEN }}
- name: Log in to Gitea Container Registry - name: Log in to Gitea Container Registry
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
registry: git.br0tkasten.de registry: registry.br0tkasten.de
username: ${{ secrets.PACKAGE_USER }} username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.PACKAGE_TOKEN }} password: ${{ secrets.REGISTRY_TOKEN }}
- name: Extract metadata (tags, labels) for Docker - name: Extract metadata (tags, labels) for Docker
id: meta id: meta
@@ -56,9 +63,9 @@ jobs:
load: true # This loads the image into the local docker daemon for Trivy to find load: true # This loads the image into the local docker daemon for Trivy to find
tags: local_scan_target:${{ github.sha }} tags: local_scan_target:${{ github.sha }}
- name: Run Trivy scanner (Binary Mode) # - name: Run Trivy scanner (Binary Mode)
run: | # run: |
trivy image --exit-code 1 --severity CRITICAL,HIGH --ignore-unfixed --server http://trivy-server:8080 local_scan_target:${{ github.sha }} # trivy image --exit-code 1 --severity CRITICAL,HIGH --ignore-unfixed --server http://trivy-server:8080 local_scan_target:${{ github.sha }}
- name: Build and push Docker image - name: Build and push Docker image
uses: docker/build-push-action@v5 uses: docker/build-push-action@v5