Skip to content

feat(image/base): add jq #784

feat(image/base): add jq

feat(image/base): add jq #784

Workflow file for this run

name: build
on:
push:
branches:
- main
pull_request:
branches:
- main
schedule:
# Re-build all images at 2am UTC every Monday (8pm CST/9pm CDT)
#
# This ensures we always start with a recent base image, which
# reduces wasted space due to written-over files in the writable
# layer, ensures packages are up-to-date (since many of these
# images install the latest versions of packages available at
# build time), and allow us to ensure that images continue to
# be buildable from source (no removed packages).
#
# See: https://crontab.guru/#0_2_*_*_1
- cron: "0 2 * * 1"
workflow_dispatch:
permissions:
actions: read
checks: none
contents: read
id-token: write
deployments: none
issues: none
packages: none
pull-requests: none
repository-projects: none
security-events: write
statuses: none
jobs:
# Quick checks, running linters, checking formatting, etc
quick:
runs-on: ubuntu-latest
steps:
- name: Cancel previous runs
if: github.event_name == 'pull_request'
uses: styfle/cancel-workflow-action@0.12.1
- name: Checkout
uses: actions/checkout@v4
- name: Install Node.js
uses: actions/setup-node@v4
with:
node-version: 20.x
- name: Install Node.js modules
run: yarn install
- name: Check formatting
run: yarn format:check
images:
runs-on: ubuntu-latest
strategy:
fail-fast: false
name: images/ubuntu
steps:
- name: Cancel previous runs
if: github.event_name == 'pull_request'
uses: styfle/cancel-workflow-action@0.12.1
- name: Checkout
uses: actions/checkout@v4
- name: Install Trivy using install script
run: |
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.37.1
- name: Set up Depot CLI
uses: depot/setup-action@v1
- name: Build ubuntu images
run: |
${{ github.workspace }}/scripts/build_images.sh \
--tag=ubuntu
- name: Scan ubuntu images
run: |
${{ github.workspace }}/scripts/scan_images.sh \
--tag=ubuntu \
--output-file=trivy-results-ubuntu.sarif
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: trivy-results-ubuntu.sarif
category: trivy-ubuntu
- name: Upload Trivy scan results as an artifact
uses: actions/upload-artifact@v4
with:
name: trivy-ubuntu
path: trivy-results-ubuntu.sarif
retention-days: 7
- name: Authenticate to Docker Hub
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Push images to Docker Hub
if: github.event_name != 'pull_request'
run: |
${{ github.workspace }}/scripts/push_images.sh \
--tag=ubuntu