99 pull_request :
1010 branches :
1111 - " main"
12+ # schedule:
13+ # - cron: "37 5 * * *"
14+
15+ env :
16+ PLATFORMS : linux/amd64,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x
1217
1318jobs :
14- docker :
19+ # check:
20+ # runs-on: ubuntu-latest
21+ # steps:
22+ # - name: Check Docker base image
23+ # id: check
24+ # uses: lucacome/docker-image-update-checker@v1
25+ # with:
26+ # base-image: ubuntu:latest
27+ # image: ${{ vars.DOCKERHUB_IMAGE }}:latest
28+ # platforms: ${{ env.PLATFORMS }}
29+ # outputs:
30+ # needs-updating: ${{ steps.check.outputs.needs-updating }}
31+ build :
1532 runs-on : ubuntu-latest
33+ # needs: check
34+ # if: ${{ github.event_name != 'schedule' || needs.check.outputs.needs-updating == 'true' }}
1635 steps :
1736 - name : Checkout
1837 uses : actions/checkout@v4
@@ -25,35 +44,49 @@ jobs:
2544 with :
2645 username : ${{ secrets.DOCKERHUB_USERNAME }}
2746 password : ${{ secrets.DOCKERHUB_TOKEN }}
28- - name : Build and export
47+ - name : Extract Docker metadata
48+
49+ id : meta
50+ uses : docker/metadata-action@v5
51+ with :
52+ images : |
53+ ${{ vars.DOCKERHUB_IMAGE }}
54+ tags : |
55+ type=semver,pattern={{version}}
56+ type=semver,pattern={{major}}.{{minor}}
57+ type=semver,pattern={{major}}
58+ type=ref,event=branch
59+ type=ref,event=pr
60+ labels : |
61+ org.opencontainers.image.title=docker-diskmark
62+ org.opencontainers.image.description=A disk benchmarking tool for Docker
63+ name : Build and push Docker image
2964 uses : docker/build-push-action@v5
3065 with :
3166 context : .
32- platforms : linux/amd64,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x
67+ platforms : ${{ env.PLATFORMS }}
3368 cache-from : type=registry,ref=${{ vars.DOCKERHUB_IMAGE }}:buildcache
3469 cache-to : type=registry,ref=${{ vars.DOCKERHUB_IMAGE }}:buildcache,mode=max
3570 push : true
36- tags : ${{ vars.DOCKERHUB_IMAGE }}:${{ github.sha }}
37- - name : Push semver tags
38- if : github.ref_type == 'tag'
39- run : |
40- GITHUB_REF=${{ github.ref }}
41- GITHUB_TAG=${GITHUB_REF#refs/tags/}
42- TAGS=""
43- if [ "${GITHUB_TAG}" != *-* ]; then # if not a pre-release
44- TAGS+=" --tag ${{ vars.DOCKERHUB_IMAGE }}:${GITHUB_TAG%%.*}" # major version tag (e.g. 1)
45- TAGS+=" --tag ${{ vars.DOCKERHUB_IMAGE }}:${GITHUB_TAG%.*}" # major.minor version tag (e.g. 1.2)
46- fi
47- TAGS+=" --tag ${{ vars.DOCKERHUB_IMAGE }}:${GITHUB_TAG}" # full version tag (e.g. 1.2.3-rc.4)
48- docker buildx imagetools create ${TAGS} ${{ vars.DOCKERHUB_IMAGE }}:${{ github.sha }}
49- name : Push "latest" tag
50- if : github.ref == 'refs/heads/main'
51- run : |
52- docker buildx imagetools create \
53- --tag ${{ vars.DOCKERHUB_IMAGE }}:latest \
54- ${{ vars.DOCKERHUB_IMAGE }}:${{ github.sha }}
71+ # push: ${{ github.event_name != 'pull_request' }}
72+ tags : ${{ steps.meta.outputs.tags }}
73+ labels : ${{ steps.meta.outputs.labels }}
74+ - name : Docker Scout
75+ id : docker-scout
76+ if : ${{ github.event_name == 'pull_request' }}
77+ uses : docker/scout-action@v1
78+ with :
79+ command : cves,recommendations,compare
80+ image : ${{ steps.meta.outputs.tags }}
81+ to : ${{ vars.DOCKERHUB_IMAGE }}:latest
82+ ignore-base : true
83+ ignore-unchanged : true
84+ only-fixed : true
85+ # only-severities: critical,high
86+ write-comment : true
87+ github-token : ${{ github.token }}
5588 - name : Update repo description
56- if : github.ref == 'refs/heads/main'
89+ if : ${{ github.ref == 'refs/heads/main' }}
5790 uses : peter-evans/dockerhub-description@v3
5891 with :
5992 username : ${{ secrets.DOCKERHUB_USERNAME }}
0 commit comments