From c4c41f43d0b924174ecfada94b3b5500794ebdbc Mon Sep 17 00:00:00 2001
From: Devon Bautista <17506592+synackd@users.noreply.github.com>
Date: Thu, 12 Mar 2026 09:54:43 -0600
Subject: [PATCH 1/4] ci: fix and tidy container build actions

- reorder/retab steps
- add missing QEMU action for acme.sh container
- add pull_request trigger

Signed-off-by: Devon Bautista <17506592+synackd@users.noreply.github.com>
---
 .github/workflows/build_containers.yml | 91 ++++++++++++++------------
 1 file changed, 48 insertions(+), 43 deletions(-)

diff --git a/.github/workflows/build_containers.yml b/.github/workflows/build_containers.yml
index 2499442..18d55e4 100644
--- a/.github/workflows/build_containers.yml
+++ b/.github/workflows/build_containers.yml
@@ -1,12 +1,15 @@ name: build and publish containers on: workflow_dispatch: + pull_request: push: tags: - v* + permissions: packages: write contents: read + jobs: build-local-ca: runs-on: ubuntu-latest
@@ -19,7 +22,7 @@ jobs: with: # list of Docker images to use as base name for tags images: | - ghcr.io/openchami/local-ca + ghcr.io/openchami/local-ca # generate Docker tags based on the following events/attributes tags: | type=schedule
@@ -28,19 +31,19 @@ jobs: type=semver,pattern=v{{version}} type=semver,pattern=v{{major}}.{{minor}} type=semver,pattern=v{{major}} - type=sha - - name: setup Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + type=sha - name: Login to github container repo - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Set up QEMU + uses: docker/setup-qemu-action@v4 + - name: setup Docker Buildx + uses: docker/setup-buildx-action@v4 - name: Build and push - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v7 with: platforms: linux/amd64,linux/arm64 context: .
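Review bot: With `pull_request:` added to `on:`, every pull-request run now performs the ghcr.io login (third hunk of this file) using a token that carries the workflow-wide `packages: write` grant, even though `push: ${{ github.event_name != 'pull_request' }}` on the build step means PR runs never publish. Gating the login step with `if: github.event_name != 'pull_request'` keeps the credential exchange out of runs that only need to prove the image builds; for pull requests from forks the token is presumably read-only anyway, so the login step gains nothing there either. The trigger also has no `branches:` or `paths:` filter, so a documentation-only PR starts two multi-arch builds — worth confirming that is intended.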
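Review bot: The action references in this hunk (`docker/login-action@v4`, `docker/setup-qemu-action@v4`, `docker/setup-buildx-action@v4`, `docker/build-push-action@v7`) are floating major tags, so a job holding a token with `packages: write` runs whatever those tags point to at run time rather than a reviewed revision. Pinning each `uses:` to a full commit SHA with the version kept in a trailing comment, e.g. `uses: docker/login-action@<FULL_COMMIT_SHA>  # v4`, makes the login and push steps reproducible, and a dependency-update bot can keep the pins current. The same applies to the acme.sh job hunk that follows and to the `actions/checkout@v6` / `docker/metadata-action@v6` bumps in the second patch of this series. The step reordering itself looks right: QEMU is now registered before Buildx is configured, which is the usual order for the docker setup actions.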
@@ -50,38 +53,40 @@ jobs: build-acmesh: runs-on: ubuntu-latest steps: - - name: check out the repo - uses: actions/checkout@v4 - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - # list of Docker images to use as base name for tags - images: | - ghcr.io/openchami/acme.sh - # generate Docker tags based on the following events/attributes - tags: | - type=schedule - type=ref,event=branch - type=ref,event=pr - type=semver,pattern=v{{version}} - type=semver,pattern=v{{major}}.{{minor}} - type=semver,pattern=v{{major}} - type=sha - - name: setup Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Login to github container repo - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push - uses: docker/build-push-action@v5 - with: - platforms: linux/amd64,linux/arm64 - context: . - file: Dockerfile.acme - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + - name: check out the repo + uses: actions/checkout@v4 + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + # list of Docker images to use as base name for tags + images: | + ghcr.io/openchami/acme.sh + # generate Docker tags based on the following events/attributes + tags: | + type=schedule + type=ref,event=branch + type=ref,event=pr + type=semver,pattern=v{{version}} + type=semver,pattern=v{{major}}.{{minor}} + type=semver,pattern=v{{major}} + type=sha + - name: Login to github container repo + uses: docker/login-action@v4 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Set up QEMU + uses: docker/setup-qemu-action@v4 + - name: setup Docker Buildx + uses: docker/setup-buildx-action@v4 + - name: Build and push + uses: docker/build-push-action@v7 + with: + platforms: linux/amd64,linux/arm64 + context: . 
+ file: Dockerfile.acme + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }}

From 49d97bb457ed0f74fef5a39e3be186cd9a28f775 Mon Sep 17 00:00:00 2001
From: Devon Bautista <17506592+synackd@users.noreply.github.com>
Date: Thu, 12 Mar 2026 10:03:32 -0600
Subject: [PATCH 2/4] ci: update some action versions to avoid deprecation warning

Signed-off-by: Devon Bautista <17506592+synackd@users.noreply.github.com>
---
 .github/workflows/build_containers.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build_containers.yml b/.github/workflows/build_containers.yml
index 18d55e4..29101ac 100644
--- a/.github/workflows/build_containers.yml
+++ b/.github/workflows/build_containers.yml
@@ -15,10 +15,10 @@ jobs: runs-on: ubuntu-latest steps: - name: check out the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@v6 with: # list of Docker images to use as base name for tags images: |
@@ -54,10 +54,10 @@ jobs: runs-on: ubuntu-latest steps: - name: check out the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@v6 with: # list of Docker images to use as base name for tags images: |

From 9dfa799ad3b44f53fe5a8e02d871292c41bdd21c Mon Sep 17 00:00:00 2001
From: Devon Bautista <17506592+synackd@users.noreply.github.com>
Date: Thu, 12 Mar 2026 13:18:34 -0600
Subject: [PATCH 3/4] ci: additional spacing and name fixes

Signed-off-by: Devon Bautista <17506592+synackd@users.noreply.github.com>
---
 .github/workflows/build_containers.yml | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build_containers.yml b/.github/workflows/build_containers.yml
index 29101ac..724a030 100644
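Review bot: After this retab the `build-acmesh` job is step-for-step identical to `build-local-ca` except for the image name and `file: Dockerfile.acme`, and the two will keep drifting apart — this very hunk is catching up on the QEMU step the other job already had. A single job with a `strategy.matrix` over the image/Dockerfile pair would give both builds one definition to maintain and one place to gate the login and push steps. A sketch follows; the local-ca Dockerfile name is not visible in this diff, hence the placeholder, and the `uses:` lines are left as they are in the hunk.
```yaml
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - image: ghcr.io/openchami/local-ca
            file: <LOCAL_CA_DOCKERFILE>  # placeholder: not visible in this diff
          - image: ghcr.io/openchami/acme.sh
            file: Dockerfile.acme
    steps:
      # … unchanged: checkout step …
      - name: Docker meta
        id: meta
        # … unchanged: uses line, tags list under with …
        with:
          images: ${{ matrix.image }}
      # … unchanged: login, QEMU, Buildx steps …
      - name: Build and push
        # … unchanged: uses line, platforms/context/push/tags/labels under with …
        with:
          file: ${{ matrix.file }}
```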
--- a/.github/workflows/build_containers.yml
+++ b/.github/workflows/build_containers.yml
@@ -1,4 +1,5 @@ name: build and publish containers + on: workflow_dispatch: pull_request:
@@ -16,6 +17,7 @@ jobs: steps: - name: check out the repo uses: actions/checkout@v6 + - name: Docker meta id: meta uses: docker/metadata-action@v6
@@ -32,16 +34,20 @@ jobs: type=semver,pattern=v{{major}}.{{minor}} type=semver,pattern=v{{major}} type=sha + - name: Login to github container repo uses: docker/login-action@v4 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Set up QEMU uses: docker/setup-qemu-action@v4 - - name: setup Docker Buildx + + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v4 + - name: Build and push uses: docker/build-push-action@v7 with:
@@ -50,11 +56,13 @@ jobs: push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + build-acmesh: runs-on: ubuntu-latest steps: - name: check out the repo uses: actions/checkout@v6 + - name: Docker meta id: meta uses: docker/metadata-action@v6
@@ -71,16 +79,20 @@ jobs: type=semver,pattern=v{{major}}.{{minor}} type=semver,pattern=v{{major}} type=sha + - name: Login to github container repo uses: docker/login-action@v4 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Set up QEMU uses: docker/setup-qemu-action@v4 - - name: setup Docker Buildx + + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v4 + - name: Build and push uses: docker/build-push-action@v7 with:

From 61688fd6d81746c2e11ca465742aab09f8814f87 Mon Sep 17 00:00:00 2001
From: Devon Bautista <17506592+synackd@users.noreply.github.com>
Date: Thu, 12 Mar 2026 13:23:22 -0600
Subject: [PATCH 4/4] fix(Dockerfile): heed warnings from build

Signed-off-by: Devon Bautista <17506592+synackd@users.noreply.github.com>
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 58968e2..9a33cce 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,7 +18,7 @@ HEALTHCHECK CMD step ca health 2>/dev/null | grep "^ok" >/dev/null COPY entrypoint.sh /entrypoint.sh -EXPOSE 9000/TCP +EXPOSE 9000/tcp ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] -CMD exec /usr/bin/step-ca --password-file $PWDPATH $CONFIGPATH +CMD ["exec","/usr/bin/step-ca","--password-file","$PWDPATH","$CONFIGPATH"]
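Review bot: The new exec-form `CMD` on the last line of the hunk no longer runs through `/bin/sh -c`, so `$PWDPATH` and `$CONFIGPATH` reach the entrypoint as the literal strings and `exec`, a shell builtin rather than a binary, becomes the first argument instead of a command; the shell-form line that was removed expanded both variables at container start. Unless /entrypoint.sh (not in this diff) evaluates its arguments through a shell, step-ca will be started with unexpanded paths or not at all, and the ENTRYPOINT context line shows the arguments are handed to that script. If the aim is only to satisfy the build-check warning (presumably the JSON-args recommendation) while keeping expansion, one option is `CMD ["/bin/sh", "-c", "exec /usr/bin/step-ca --password-file \"$PWDPATH\" \"$CONFIGPATH\""]`; if the entrypoint already execs its arguments, drop the leading `exec` element and resolve the two paths inside the entrypoint instead. Either way a container start that confirms step-ca receives the resolved password-file and config paths would settle it.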