99 pull_request :
1010 branches :
1111 - " main"
12+ # schedule:
13+ # - cron: "37 5 * * *"
14+
15+ permissions :
16+ contents : read
17+ pull-requests : write
18+
19+ env :
20+ PLATFORMS : linux/amd64,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x
1221
1322jobs :
14- docker :
23+ # check:
24+ # runs-on: ubuntu-latest
25+ # steps:
26+ # - name: Check Docker base image
27+ # id: check
28+ # uses: lucacome/docker-image-update-checker@v1
29+ # with:
30+ # base-image: ubuntu:latest
31+ # image: ${{ vars.DOCKERHUB_IMAGE }}:latest
32+ # platforms: ${{ env.PLATFORMS }}
33+ # outputs:
34+ # needs-updating: ${{ steps.check.outputs.needs-updating }}
35+ build :
1536 runs-on : ubuntu-latest
37+ # needs: check
38+ # if: ${{ github.event_name != 'schedule' || needs.check.outputs.needs-updating == 'true' }}
1639 steps :
1740 - name : Checkout
1841 uses : actions/checkout@v4
@@ -25,35 +48,49 @@ jobs:
2548 with :
2649 username : ${{ secrets.DOCKERHUB_USERNAME }}
2750 password : ${{ secrets.DOCKERHUB_TOKEN }}
28- - name : Build and export
51+ - name : Extract Docker metadata
52+
53+ id : meta
54+ uses : docker/metadata-action@v5
55+ with :
56+ images : |
57+ ${{ vars.DOCKERHUB_IMAGE }}
58+ tags : |
59+ type=semver,pattern={{version}}
60+ type=semver,pattern={{major}}.{{minor}}
61+ type=semver,pattern={{major}}
62+ type=ref,event=branch
63+ type=ref,event=pr
64+ labels : |
65+ org.opencontainers.image.title=docker-diskmark
66+ org.opencontainers.image.description=A disk benchmarking tool for Docker
67+ name : Build and push Docker image
2968 uses : docker/build-push-action@v5
3069 with :
3170 context : .
32- platforms : linux/amd64,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x
71+ platforms : ${{ env.PLATFORMS }}
3372 cache-from : type=registry,ref=${{ vars.DOCKERHUB_IMAGE }}:buildcache
3473 cache-to : type=registry,ref=${{ vars.DOCKERHUB_IMAGE }}:buildcache,mode=max
3574 push : true
36- tags : ${{ vars.DOCKERHUB_IMAGE }}:${{ github.sha }}
37- - name : Push semver tags
38- if : github.ref_type == 'tag'
39- run : |
40- GITHUB_REF=${{ github.ref }}
41- GITHUB_TAG=${GITHUB_REF#refs/tags/}
42- TAGS=""
43- if [ "${GITHUB_TAG}" != *-* ]; then # if not a pre-release
44- TAGS+=" --tag ${{ vars.DOCKERHUB_IMAGE }}:${GITHUB_TAG%%.*}" # major version tag (e.g. 1)
45- TAGS+=" --tag ${{ vars.DOCKERHUB_IMAGE }}:${GITHUB_TAG%.*}" # major.minor version tag (e.g. 1.2)
46- fi
47- TAGS+=" --tag ${{ vars.DOCKERHUB_IMAGE }}:${GITHUB_TAG}" # full version tag (e.g. 1.2.3-rc.4)
48- docker buildx imagetools create ${TAGS} ${{ vars.DOCKERHUB_IMAGE }}:${{ github.sha }}
49- name : Push "latest" tag
50- if : github.ref == 'refs/heads/main'
51- run : |
52- docker buildx imagetools create \
53- --tag ${{ vars.DOCKERHUB_IMAGE }}:latest \
54- ${{ vars.DOCKERHUB_IMAGE }}:${{ github.sha }}
75+ # push: ${{ github.event_name != 'pull_request' }}
76+ tags : ${{ steps.meta.outputs.tags }}
77+ labels : ${{ steps.meta.outputs.labels }}
78+ - name : Docker Scout
79+ id : docker-scout
80+ if : ${{ github.event_name == 'pull_request' }}
81+ uses : docker/scout-action@v1
82+ with :
83+ command : cves,recommendations,compare
84+ image : ${{ steps.meta.outputs.tags }}
85+ to : ${{ vars.DOCKERHUB_IMAGE }}:latest
86+ ignore-base : true
87+ ignore-unchanged : true
88+ only-fixed : true
89+ # only-severities: critical,high
90+ write-comment : true
91+ github-token : ${{ secrets.GITHUB_TOKEN }}
5592 - name : Update repo description
56- if : github.ref == 'refs/heads/main'
93+ if : ${{ github.ref == 'refs/heads/main' }}
5794 uses : peter-evans/dockerhub-description@v3
5895 with :
5996 username : ${{ secrets.DOCKERHUB_USERNAME }}
0 commit comments