Skip to content

[automation] Auto-update linters version, help and documentation (#4299) #1768

[automation] Auto-update linters version, help and documentation (#4299)

[automation] Auto-update linters version, help and documentation (#4299) #1768

Workflow file for this run

---
#########################
#########################
## Deploy Docker Image ##
#########################
#########################
#
# Documentation:
# https://help.github.com/en/articles/workflow-syntax-for-github-actions
#
#######################################
# Start the job on all push to main #
#######################################
name: "Build & Deploy - BETA"
on:
push:
branches:
- main
- dbgbeta
paths:
- ".github/workflows/**"
- "Dockerfile"
- "flavors/**"
- "megalinter/**"
- "mega-linter-runner/**"
- "**/linter-versions.json"
- "TEMPLATES/**"
- ".trivyignore"
- "**/.sh"
###############
# Set the Job #
###############
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
jobs:
build:
# Name the Job
name: Deploy Docker Image - BETA
# Set the agent to run on
runs-on: ubuntu-latest
permissions:
actions: write
packages: write
# Only run this on the main repo
if: github.repository == 'oxsecurity/megalinter' && !contains(github.event.head_commit.message, 'skip deploy') && !contains(github.event.head_commit.message, 'Release MegaLinter v')
environment:
name: beta
##################
# Load all steps #
##################
steps:
- name: Checkout Code
uses: actions/checkout@v4
########################################################
# Publish updated version of mega-linter-runner on NPM #
########################################################
- uses: actions/setup-node@v4.1.0
with:
node-version: "20.x"
registry-url: "https://registry.npmjs.org"
- run: cd mega-linter-runner && yarn install --frozen-lockfile
- run: cd mega-linter-runner && BETAID=$(date '+%Y%m%d%H%M') && npm version prerelease --preid="beta$BETAID"
shell: bash
- run: cd mega-linter-runner && npm publish --tag beta || echo "mega-linter-runner beta not published"
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
# Free disk space
- name: Free Disk space
shell: bash
run: |
sudo rm -rf /usr/local/lib/android # will release about 10 GB if you don't need Android
sudo rm -rf /usr/share/dotnet # will release about 20GB if you don't need .NET
sudo rm -rf /opt/ghc
sudo rm -rf "$AGENT_TOOLSDIRECTORY"
- name: Docker Metadata action
uses: docker/metadata-action@v5.6.1
id: meta
with:
images: |
name=ghcr.io/${{ github.repository }}
tags: |
type=raw,value=beta
- name: Docker Metadata action (Docker Hub)
uses: docker/metadata-action@v5.6.1
id: meta-dhub
with:
images: |
name=docker.io/${{ github.repository }}
tags: |
type=raw,value=beta
- name: Docker Metadata action (Server)
uses: docker/metadata-action@v5.6.1
id: meta-s
with:
images: |
name=ghcr.io/${{ github.repository }}-server
tags: |
type=raw,value=beta
- name: Docker Metadata action (Server Docker Hub)
uses: docker/metadata-action@v5.6.1
id: meta-s-dhub
with:
images: |
name=docker.io/${{ github.repository }}-server
tags: |
type=raw,value=beta
# - name: Docker Metadata action (Worker)
# uses: docker/metadata-action@v5.5.1
# id: meta-w
# with:
# images: |
# name=ghcr.io/${{ github.repository }}-worker
# tags: |
# type=raw,value=beta
- name: Docker Metadata action (Worker Server)
uses: docker/metadata-action@v5.6.1
id: meta-w-dhub
with:
images: |
name=docker.io/${{ github.repository }}-worker
tags: |
type=raw,value=beta
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build & Push Docker Image (Server)
uses: docker/build-push-action@v6
with:
context: .
file: server/Dockerfile
platforms: linux/amd64
build-args: |
BUILD_DATE=${{ fromJSON(steps.meta-s.outputs.json).labels['org.opencontainers.image.created'] }}
BUILD_VERSION=${{ fromJSON(steps.meta-s.outputs.json).labels['org.opencontainers.image.version'] }}
BUILD_REVISION=${{ fromJSON(steps.meta-s.outputs.json).labels['org.opencontainers.image.revision'] }}
load: false
push: ${{ github.event_name != 'pull_request' }}
secrets: |
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
tags: ${{ steps.meta-s.outputs.tags }}
- name: Invoke Mirror docker image workflow (Server image)
uses: benc-uk/workflow-dispatch@v1
with:
workflow: mirror-docker-image.yml
inputs: '{ "source-image": "${{ steps.meta-s.outputs.tags }}", "target-image": "${{ steps.meta-s-dhub.outputs.tags }}" }'
- name: Build & Push Docker Image
uses: docker/build-push-action@v6
with:
context: .
file: Dockerfile
platforms: linux/amd64
build-args: |
BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
BUILD_VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
BUILD_REVISION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
load: false
push: ${{ github.event_name != 'pull_request' }}
secrets: |
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
tags: ${{ steps.meta.outputs.tags }}
- name: Invoke Mirror docker image workflow (Main image)
uses: benc-uk/workflow-dispatch@v1
with:
workflow: mirror-docker-image.yml
inputs: '{ "source-image": "${{ steps.meta.outputs.tags }}", "target-image": "${{ steps.meta-dhub.outputs.tags }}" }'
# - name: Build & Push Docker Worker Image
# uses: docker/build-push-action@v6
# with:
# context: .
# file: Dockerfile-worker
# platforms: linux/amd64
# build-args: |
# MEGALINTER_BASE_IMAGE=${{ fromJson(steps.meta-w.outputs.json).tags[0]}}
# BUILD_DATE=${{ fromJSON(steps.meta-w.outputs.json).labels['org.opencontainers.image.created'] }}
# BUILD_VERSION=${{ fromJSON(steps.meta-w.outputs.json).labels['org.opencontainers.image.version'] }}
# BUILD_REVISION=${{ fromJSON(steps.meta-w.outputs.json).labels['org.opencontainers.image.revision'] }}
# load: false
# push: ${{ github.event_name != 'pull_request' }}
# secrets: |
# GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
# tags: ${{ steps.meta-w.outputs.tags }}
# - name: Invoke Mirror docker image workflow (Worker image)
# uses: benc-uk/workflow-dispatch@v1
# with:
# workflow: mirror-docker-image.yml
# inputs: '{ "source-image": "${{ steps.meta-w.outputs.tags }}", "target-image": "${{ steps.meta-w-dhub.outputs.tags }}" }'
# ###############################
# # Run tests for code coverage #
# ###############################
# - name: Run Test Cases and code coverage
# shell: bash
# run: |
# export CI_ENV="$(bash <(curl -s https://codecov.io/env)) -e GITHUB_ACTIONS"
# echo "CI_ENV=${CI_ENV}"
# docker run $CI_ENV -e TEST_CASE_RUN=true -e OUTPUT_FORMAT=text -e OUTPUT_FOLDER=${{ github.sha }} -e OUTPUT_DETAIL=detailed -e GITHUB_SHA=${{ github.sha }} -e GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}" -e MEGALINTER_VOLUME_ROOT="${GITHUB_WORKSPACE}" -v "/var/run/docker.sock:/var/run/docker.sock:rw" -v ${GITHUB_WORKSPACE}:/tmp/lint oxsecurity/megalinter:beta
# timeout-minutes: 60
##############################################
# Check Docker image security with Trivy #
##############################################
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ steps.meta.outputs.tags }}"
format: 'table'
exit-code: '1'
ignore-unfixed: true
scanners: vuln
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
timeout: 15m0s
env:
ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}