diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 7960d3b..2993a06 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,6 +1,5 @@
 name: Continuous Integration
 env:
- DOCKER_IMAGE: wyrihaximusnet/redirect
 DOCKER_IMAGE_REGISTRIES_SECRET_MAPPING: '{"ghcr.io":"GHCR_TOKEN","docker.io":"HUB_PASSCODE"}'
 on:
 push:
@@ -73,16 +72,34 @@ jobs:
 - lint-dockerfile
 runs-on: ubuntu-latest
 steps:
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
 - uses: actions/checkout@v4
 - run: cp -R $(echo -e "./images/$(ls ./images/ | shuf -n 1)") ./images/random
 if: matrix.image == 'random'
- - run: docker image build --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` --build-arg VCS_REF=`git rev-parse --short HEAD` -t "${DOCKER_IMAGE}:${{ matrix.image }}" --no-cache --build-arg VERSION=$TAG_VERSION ./images/${{ matrix.image }}/
 - run: mkdir ./docker-image
- - run: docker save "${DOCKER_IMAGE}:${{ matrix.image }}" -o ./docker-image/docker_image.tar
- - uses: actions/upload-artifact@master
+ - name: Build and export
+ uses: docker/build-push-action@v6
+ with:
+ context: ./images/${{ matrix.image }}/
+ file: ./images/${{ matrix.image }}/Dockerfile
+ tags: wyrihaximusnet/redirect:${{ matrix.image }}
+ platforms: linux/amd64,linux/arm64
+ outputs: type=tar,dest=./docker-image/docker_image.tar
+# build-args: |
+# BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"`
+# VCS_REF=`git rev-parse --short HEAD`
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ - uses: actions/upload-artifact@v4
 with:
 name: docker-image-${{ matrix.image }}
 path: ./docker-image
+ - run: docker image ls -a
+ - run: docker manifest inspect $(echo "wyrihaximusnet/redirect:${{ matrix.image }}" | tr '[:upper:]' '[:lower:]')
+ - run: docker manifest inspect $(echo "wyrihaximusnet/redirect:${{ matrix.image }}" | tr '[:upper:]' '[:lower:]') | docker run --rm -i backplane/jq '([.manifests[].platform | select(.os != "unknown")]?) | .[] | (.os + "/" + .architecture)' | docker run --rm -i backplane/jq -s '. | join(",")'
 scan-vulnerability:
 name: Scan ${{ matrix.image }} for vulnerabilities
 strategy:
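Review bot: `outputs: type=tar,dest=./docker-image/docker_image.tar` in the new "Build and export" step writes a root-filesystem tarball rather than an image archive, so the `docker load --input ./docker-image/docker_image.tar` steps in the scan and tests jobs will most likely have no `wyrihaximusnet/redirect:<image>` to import. The `docker manifest inspect` steps added here and in the later hunks query the registry, not the local daemon, so they describe the already published tag and say nothing about this build. Since the vulnerability gate and the push both work from a tag name, it is worth making sure the artifact handed between jobs is the image itself, e.g. `outputs: type=docker,dest=./docker-image/docker_image.tar` with a single entry in `platforms:` for the scan/test artifact (as far as I know the docker exporter does not accept a multi-platform result), leaving the multi-arch build to the publish stage. The job this step list belongs to begins above the hunk.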
@@ -100,8 +117,11 @@ jobs:
 name: docker-image-${{ matrix.image }}
 path: ./docker-image
 - run: docker load --input ./docker-image/docker_image.tar
+ - run: docker image ls -a
+ - run: docker manifest inspect $(echo "wyrihaximusnet/redirect:${{ matrix.image }}" | tr '[:upper:]' '[:lower:]')
+ - run: docker manifest inspect $(echo "wyrihaximusnet/redirect:${{ matrix.image }}" | tr '[:upper:]' '[:lower:]') | docker run --rm -i backplane/jq '([.manifests[].platform | select(.os != "unknown")]?) | .[] | (.os + "/" + .architecture)' | docker run --rm -i backplane/jq -s '. | join(",")'
 - run: rm -Rf ./docker-image/
- - run: echo -e "${DOCKER_IMAGE}:${{ matrix.image }}" | xargs -I % sh -c 'docker run -v /tmp/trivy:/var/lib/trivy -v /var/run/docker.sock:/var/run/docker.sock -t aquasec/trivy:latest --cache-dir /var/lib/trivy image --exit-code 1 --no-progress --format table %'
+ - run: echo -e "wyrihaximusnet/redirect:${{ matrix.image }}" | xargs -I % sh -c 'docker run -v /tmp/trivy:/var/lib/trivy -v /var/run/docker.sock:/var/run/docker.sock -t aquasec/trivy:latest --cache-dir /var/lib/trivy image --exit-code 1 --no-progress --format table %'
 tests:
 name: Test ${{ matrix.image }} against ${{ matrix.rule }}
 needs:
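Review bot: The added `docker manifest inspect … | docker run --rm -i backplane/jq …` step pulls a third-party image with no tag or digest on every run, inside the job that gates the release on scan results; the same line is added to the build job (`@@ -73,16 +72,34 @@`) and the tests job (`@@ -121,8 +141,11 @@`). GitHub-hosted Ubuntu runners ship `jq`, so both pipe stages can call the runner's own `jq` with the filters unchanged; if the container is kept, pin it as `backplane/jq@sha256:<digest>`. The rewritten Trivy line still runs `aquasec/trivy:latest` with `/var/run/docker.sock` mounted, and that container can drive the runner's Docker daemon, so it deserves the same pinning.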
@@ -121,8 +141,11 @@ jobs:
 name: docker-image-${{ matrix.image }}
 path: ./docker-image
 - run: docker load --input ./docker-image/docker_image.tar
+ - run: docker image ls -a
+ - run: docker manifest inspect $(echo "wyrihaximusnet/redirect:${{ matrix.image }}" | tr '[:upper:]' '[:lower:]')
+ - run: docker manifest inspect $(echo "wyrihaximusnet/redirect:${{ matrix.image }}" | tr '[:upper:]' '[:lower:]') | docker run --rm -i backplane/jq '([.manifests[].platform | select(.os != "unknown")]?) | .[] | (.os + "/" + .architecture)' | docker run --rm -i backplane/jq -s '. | join(",")'
 - name: Start image ${{ matrix.image }}
- run: docker run -d --rm -v ${GITHUB_WORKSPACE}/${REDIRECT_CONFIG_FILE}:/etc/redirect/config.yaml ${DOCKER_IMAGE}:${{ matrix.image }}
+ run: docker run -d --rm -v ${GITHUB_WORKSPACE}/${REDIRECT_CONFIG_FILE}:/etc/redirect/config.yaml wyrihaximusnet/redirect:${{ matrix.image }}
 env:
 IMAGE: ${{ steps.build.outputs.tag }}
 REDIRECT_CONFIG_FILE: tests/rules/${{ matrix.rule }}/config.yaml
@@ -195,8 +218,8 @@ jobs:
 DOCKER_PASSWORD: ${{ secrets[fromJson(env.DOCKER_IMAGE_REGISTRIES_SECRET_MAPPING)[matrix.registry]] }}
 - name: Docker info
 run: docker info
- - run: docker tag ${DOCKER_IMAGE}:${{ matrix.image }} ${{ matrix.registry }}/${DOCKER_IMAGE}:${{ matrix.image }}
+ - run: docker tag wyrihaximusnet/redirect:${{ matrix.image }} ${{ matrix.registry }}/wyrihaximusnet/redirect:${{ matrix.image }}
 - name: Echo full tag
- run: echo -e "${{ matrix.registry }}/${DOCKER_IMAGE}:${{ matrix.image }}"
+ run: echo -e "${{ matrix.registry }}/wyrihaximusnet/redirect:${{ matrix.image }}"
 - name: Push image to Docker Hub
- run: docker push "${{ matrix.registry }}/${DOCKER_IMAGE}:${{ matrix.image }}"
+ run: docker push "${{ matrix.registry }}/wyrihaximusnet/redirect:${{ matrix.image }}"
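Review bot: In the tests-job hunk (`@@ -121,8 +141,11 @@`) the added `run:` lines splice `${{ matrix.image }}` straight into the script text, so the workflow engine expands the value before the shell parses the line and the quoting inside the script does not protect it. Where the matrix is populated is not visible in this diff; if it is derived from directory names under `./images/` (the build job's `ls ./images/` hints at that), a pull request could influence the value. Passing it through the environment keeps it as data: add `IMAGE_NAME: ${{ matrix.image }}` under the step's `env:` and write `"wyrihaximusnet/redirect:${IMAGE_NAME}"` in the script. The same pattern is in the lines added by the build, scan and publish hunks.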