Add github workflows + dockerfile

neo9 · Sep 29, 2023 · fb6cdb4 · fb6cdb4
1 parent f88fcb1
commit fb6cdb4
Show file tree

Hide file tree

Showing 3 changed files with 96 additions and 0 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,33 @@
+name: Build and publish to DockerHub (latest)
+
+on:
+ push:
+ branches:
+ - master
+ - main
+
+jobs:
+ main:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Login to DockerHub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_HUB_USERNAME }}
+ password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+ - name: Build and push
+ id: docker_build
+ uses: docker/build-push-action@v4
+ with:
+ file: ./Dockerfile
+ push: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master') }}
+ tags: |
+ ${{ secrets.DOCKER_HUB_IMAGE }}:latest
+ ${{ secrets.DOCKER_HUB_IMAGE }}:${{ github.sha }}
+
+ - name: Image digest
+ run: echo ${{ steps.docker_build.outputs.digest }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,50 @@
+name: Publish release to DockerHub (release)
+
+on:
+ push:
+ tags:
+ - v*
+
+jobs:
+ main:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Get the version
+ id: get_version
+ run: echo "VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT
+
+ - name: Validate version
+ run: |
+ VERSION=${{ steps.get_version.outputs.VERSION }}
+ if [[ ! "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+ echo "Invalid version format"
+ exit 1
+ fi
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Login to DockerHub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_HUB_USERNAME }}
+ password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+ - name: Build and push
+ id: docker_build
+ uses: docker/build-push-action@v4
+ with:
+ file: ./Dockerfile
+ push: true
+ tags: |
+ ${{ secrets.DOCKER_HUB_IMAGE }}:${{ steps.get_version.outputs.VERSION }}
+ ${{ secrets.DOCKER_HUB_IMAGE }}:latest
+
+ - name: Image digest
+ run: echo ${{ steps.docker_build.outputs.digest }}
+
+ - name: Run Trivy vulnerability scanner
+ run: |
+ docker pull aquasec/trivy
+ docker run --rm -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image ${{ secrets.DOCKER_HUB_IMAGE }}:${{ steps.get_version.outputs.VERSION }}
+
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,13 @@
+# Use the specified image as the base
+FROM ghcr.io/banzaicloud/fluentd:v1.14.6-alpine-5
+
+# Switch to root user to install packages
+USER root
+
+# Install necessary packages
+RUN apk update && \
+ apk add "libcrypto1.1=1.1.1t-r2" && \
+ apk add "libssl1.1=1.1.1t-r2"
+
+# Switch back to the original user ID (if applicable)
+USER fluent