-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Pierre Groell
committed
Sep 29, 2023
1 parent
f88fcb1
commit fb6cdb4
Showing
3 changed files
with
96 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
name: Build and publish to DockerHub (latest) | ||
|
||
on: | ||
push: | ||
branches: | ||
- master | ||
- main | ||
|
||
jobs: | ||
main: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v2 | ||
|
||
- name: Login to DockerHub | ||
uses: docker/login-action@v2 | ||
with: | ||
username: ${{ secrets.DOCKER_HUB_USERNAME }} | ||
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | ||
|
||
- name: Build and push | ||
id: docker_build | ||
uses: docker/build-push-action@v4 | ||
with: | ||
file: ./Dockerfile | ||
push: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master') }} | ||
tags: | | ||
${{ secrets.DOCKER_HUB_IMAGE }}:latest | ||
${{ secrets.DOCKER_HUB_IMAGE }}:${{ github.sha }} | ||
- name: Image digest | ||
run: echo ${{ steps.docker_build.outputs.digest }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
name: Publish release to DockerHub (release) | ||
|
||
on: | ||
push: | ||
tags: | ||
- v* | ||
|
||
jobs: | ||
main: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Get the version | ||
id: get_version | ||
run: echo "VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT | ||
|
||
- name: Validate version | ||
run: | | ||
VERSION=${{ steps.get_version.outputs.VERSION }} | ||
if [[ ! "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | ||
echo "Invalid version format" | ||
exit 1 | ||
fi | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v2 | ||
|
||
- name: Login to DockerHub | ||
uses: docker/login-action@v2 | ||
with: | ||
username: ${{ secrets.DOCKER_HUB_USERNAME }} | ||
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | ||
|
||
- name: Build and push | ||
id: docker_build | ||
uses: docker/build-push-action@v4 | ||
with: | ||
file: ./Dockerfile | ||
push: true | ||
tags: | | ||
${{ secrets.DOCKER_HUB_IMAGE }}:${{ steps.get_version.outputs.VERSION }} | ||
${{ secrets.DOCKER_HUB_IMAGE }}:latest | ||
- name: Image digest | ||
run: echo ${{ steps.docker_build.outputs.digest }} | ||
|
||
- name: Run Trivy vulnerability scanner | ||
run: | | ||
docker pull aquasec/trivy | ||
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image ${{ secrets.DOCKER_HUB_IMAGE }}:${{ steps.get_version.outputs.VERSION }} | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# Use the specified image as the base | ||
FROM ghcr.io/banzaicloud/fluentd:v1.14.6-alpine-5 | ||
|
||
# Switch to root user to install packages | ||
USER root | ||
|
||
# Install necessary packages | ||
RUN apk update && \ | ||
apk add "libcrypto1.1=1.1.1t-r2" && \ | ||
apk add "libssl1.1=1.1.1t-r2" | ||
|
||
# Switch back to the original user ID (if applicable) | ||
USER fluent |