Release #278
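# Lints, builds, scans and tests the Docker image, then publishes it to GHCR.
# Triggered when the Integration workflow completes, by manual dispatch, and on
# a schedule.
name: Release
on:
  workflow_run:
    # NOTE(review): no `branches:` filter is set, so a completed Integration run
    # on any branch triggers this workflow. The checkout steps below pass no
    # `ref`, so on workflow_run they check out the default branch rather than
    # the triggering run's head commit. Confirm that is intended, and consider
    # restricting `branches:` to the branch releases are cut from.
    workflows: [Integration]
    types: [completed]
  workflow_dispatch:
    inputs:
      force_release:
        description: |
          When the action-docs latest release has already been dockerized but
          you want to rebuild a Docker image.
        required: false
        default: false
  schedule:
    # 00:00 UTC on every second day of the month (1st, 3rd, ...); the gap
    # across a month boundary can therefore be shorter than two days.
    - cron: '0 0 */2 * *'
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: false
# Deny-by-default token scope; each job below declares exactly what it needs,
# and a job added later without its own `permissions:` gets nothing.
permissions: {}
jobs:
  test:
    name: Lint/Scan/Test image
    runs-on: ubuntu-latest
    timeout-minutes: 2
    # Runs after a successful Integration run or on manual dispatch. On
    # `schedule` events neither condition holds, so this job is skipped.
    if: github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch'
    permissions:
      # contents: write is used by the repository_dispatch call in the badge
      # step; the Trivy step (format: github with github-pat) presumably needs
      # it too for its dependency submission.
      contents: write
      packages: read
      # NOTE(review): no step visible in this job obviously needs
      # `actions: write` or `security-events: write` (there is no SARIF
      # upload). Confirm the `task` targets do not rely on them, then drop
      # whichever is unused.
      actions: write
      security-events: write
    steps:
      - name: Checkout repo
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v4
      - uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # ratchet:jdx/mise-action@v2
      # Both lint steps are skipped for Dependabot-triggered runs; their
      # outcome is then 'skipped', which the badge step does not treat as a
      # failure.
      - name: Lint docker image
        id: lint_docker
        if: github.actor != 'dependabot[bot]'
        run: task docker:lint
      - name: Lint all the rest
        id: lint
        if: github.actor != 'dependabot[bot]'
        run: task lint
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # ratchet:docker/setup-buildx-action@v3
      - name: Log in to GHCR
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # ratchet:docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Fetch image metadata
        # NOTE(review): the task output is appended to GITHUB_ENV as-is. A
        # value containing a newline would define additional variables for
        # later steps; presumably both tasks print a single line (confirm).
        run: |
          echo "IMAGE_LATEST_VERSION=$(task docker:image_latest_version)" >> "$GITHUB_ENV"
          echo "DOCKER_TAG=$(task docker:docker_tag)" >> "$GITHUB_ENV"
      - name: Build single image
        id: build
        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # ratchet:docker/build-push-action@v6
        with:
          # Built and loaded into the local Docker daemon only, so the scan
          # and test steps below run against it; nothing is pushed here.
          push: false
          file: Dockerfile
          context: .
          cache-from: type=gha
          cache-to: type=gha,mode=max
          load: true
          tags: ${{ env.IMAGE_LATEST_VERSION }}
          build-args: DOCKER_TAG=${{ env.DOCKER_TAG }}
      - name: Scan image
        id: trivy_scan
        # NOTE(review): the action is pinned by commit SHA, but the ratchet
        # reference tracks `master` rather than a release tag, so a ratchet
        # update presumably moves the pin to whatever master holds at that
        # time. Tracking a released tag keeps updates reviewable.
        uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # ratchet:aquasecurity/trivy-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          scan-type: image
          image-ref: ${{ env.IMAGE_LATEST_VERSION }}
          github-pat: ${{ secrets.GITHUB_TOKEN }}
          format: github
          output: dependency-results.sbom.json
          trivy-config: .security/trivy.docker.yaml
      - name: Upload trivy report
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # ratchet:actions/upload-artifact@v4
        # Runs even after a failed step, but only when the report file exists.
        if: always() && hashFiles('dependency-results.sbom.json') != ''
        with:
          name: trivy-sbom-report
          path: dependency-results.sbom.json
      - name: Test image
        id: test
        run: task docker:test
      - name: Update image tests badge
        if: always()
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # ratchet:actions/github-script@v7
        # Step outcomes are handed to the script as environment variables so
        # that no workflow expression is expanded inside the script source.
        env:
          LINT_DOCKER_OUTCOME: ${{ steps.lint_docker.outcome }}
          LINT_OUTCOME: ${{ steps.lint.outcome }}
          BUILD_OUTCOME: ${{ steps.build.outcome }}
          TRIVY_SCAN_OUTCOME: ${{ steps.trivy_scan.outcome }}
          TEST_OUTCOME: ${{ steps.test.outcome }}
        with:
          script: |
            try {
              const relevantSteps = [
                process.env.LINT_DOCKER_OUTCOME,
                process.env.LINT_OUTCOME,
                process.env.BUILD_OUTCOME,
                process.env.TRIVY_SCAN_OUTCOME,
                process.env.TEST_OUTCOME
              ];
              // Only 'failure' turns the badge red. 'skipped' and 'cancelled'
              // outcomes are reported as passing.
              // NOTE(review): confirm a cancelled scan or test should not
              // show as failing.
              const outcome = relevantSteps.includes('failure') ? 'failure' : 'success';
              const status = outcome === "success" ? "passing" : "failing";
              const statusColor = outcome === "success" ? "green" : "red";
              const payload = {
                icon: "data:image/svg+xml;base64,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",
                icon_width: "20",
                label: "Tests",
                label_color: "555",
                status,
                status_color: statusColor,
                path: "tests.svg"
              };
              // Fires a repository_dispatch event of type "badge-update" in
              // this repository, carrying the badge description as payload.
              const result = await github.rest.repos.createDispatchEvent({
                owner: context.repo.owner,
                repo: context.repo.repo,
                event_type: "badge-update",
                client_payload: payload
              });
              console.log(result);
            } catch(error) {
              console.error(error);
              core.setFailed(error);
            }
  release:
    name: Release image
    runs-on: ubuntu-latest
    needs: [test]
    timeout-minutes: 2
    # For non-schedule events the implicit success() check applies, so `test`
    # must have succeeded. On `schedule` events `test` is skipped by its own
    # `if`, and always() lets this job run regardless, so the scheduled path
    # can push an image without lint, scan or test having run in this workflow
    # run.
    # NOTE(review): confirm that bypass is acceptable.
    if: (github.event_name == 'schedule' && always()) || github.event_name != 'schedule'
    permissions:
      # contents: write is used by the repository_dispatch call in the badge
      # step; packages: write is needed to push to GHCR.
      contents: write
      packages: write
      # NOTE(review): no visible step obviously needs `actions: write`;
      # confirm against the `task` targets and drop it if unused.
      actions: write
    steps:
      - name: Checkout repo
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v4
      - uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # ratchet:jdx/mise-action@v2
      - name: Check if release needed
        id: check_release_need
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # The dispatch input reaches the task through the environment, not
          # through the script text.
          FORCE_RELEASE: ${{ github.event.inputs.force_release }}
        # Sets the step output `needed=true` only when the task prints 'true';
        # every later step is gated on that output.
        run: |
          task docker:resolve_vars
          [[ "$(task docker:release_needed)" != 'true' ]] || echo "needed=true" >> "$GITHUB_OUTPUT"
      - name: Set up QEMU # for multi-platform build
        if: steps.check_release_need.outputs.needed == 'true'
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # ratchet:docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        if: steps.check_release_need.outputs.needed == 'true'
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # ratchet:docker/setup-buildx-action@v3
      - name: Log in to GHCR
        if: steps.check_release_need.outputs.needed == 'true'
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # ratchet:docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Fetch image metadata
        if: steps.check_release_need.outputs.needed == 'true'
        # NOTE(review): as in the test job, task output goes into GITHUB_ENV
        # unchecked; these values end up in the pushed image tags below.
        run: |
          echo "IMAGE_LATEST_VERSION=$(task docker:image_latest_version)" >> "$GITHUB_ENV"
          echo "DOCKER_TAG=$(task docker:docker_tag)" >> "$GITHUB_ENV"
          echo "MAJOR_VERSION=$(task docker:docker_tag | cut -d. -f1)" >> "$GITHUB_ENV"
      - name: Push Image
        if: steps.check_release_need.outputs.needed == 'true'
        id: release
        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # ratchet:docker/build-push-action@v6
        with:
          # Provenance is disabled to get rid of the unknown/unknown
          # architecture entry listed in the GHCR UI
          # (see https://github.com/orgs/community/discussions/45969).
          # Trade-off: the pushed image carries no build provenance
          # attestation for consumers to verify.
          provenance: false
          push: true
          file: Dockerfile
          context: .
          platforms: linux/amd64,linux/arm64
          cache-from: type=gha
          cache-to: type=gha,mode=max
          load: false
          # Besides the versioned tag, this moves the mutable major-version
          # and `latest` tags to the new image.
          tags: |
            ${{ env.IMAGE_LATEST_VERSION }}
            ghcr.io/${{ github.repository }}:${{ env.MAJOR_VERSION }}
            ghcr.io/${{ github.repository }}:latest
          # GIT_SHORT_SHA receives the full commit SHA (github.sha), despite
          # its name.
          build-args: |
            AUTHOR=${{ github.actor }}
            DOCKER_IMAGE_LATEST_VERSION=${{ env.IMAGE_LATEST_VERSION }}
            DOCKER_TAG=${{ env.DOCKER_TAG }}
            GIT_REPO_HTTP_URL=${{ github.server_url }}/${{ github.repository }}
            GIT_SHORT_SHA=${{ github.sha }}
      - name: Update release badge
        # NOTE(review): without always(), this step is skipped when the push
        # step fails, and it is also skipped when no release is needed. The
        # "failing" and "standby" branches in the script therefore look
        # unreachable. Confirm the intended condition.
        if: steps.check_release_need.outputs.needed == 'true'
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # ratchet:actions/github-script@v7
        # The push outcome is handed to the script as an environment variable
        # so that no workflow expression is expanded inside the script source.
        env:
          RELEASE_OUTCOME: ${{ steps.release.outcome }}
        with:
          script: |
            try {
              const outcome = process.env.RELEASE_OUTCOME;
              const status = (outcome === "success") ? "passing" : (outcome === "skipped" ? "standby" : "failing");
              const statusColor = (outcome === "success") ? "green" : (outcome === "skipped" ? "grey" : "red");
              const payload = {
                icon: "data:image/svg+xml;base64,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",
                icon_width: "20",
                label: "Release",
                label_color: "555",
                status,
                status_color: statusColor,
                path: "release.svg"
              };
              // Fires a repository_dispatch event of type "badge-update" in
              // this repository, carrying the badge description as payload.
              const result = await github.rest.repos.createDispatchEvent({
                owner: context.repo.owner,
                repo: context.repo.repo,
                event_type: "badge-update",
                client_payload: payload
              });
              console.log(result);
            } catch(error) {
              console.error(error);
              core.setFailed(error);
            }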