8 files changed +58 -11 lines changed
Original file line number Diff line number Diff line change 1515 - name : Enable auto-merge for Dependabot PRs
1616 shell : bash
1717 run : |
18+ set -euo pipefail
19+ IFS=$'\n\t'
1820 # Checking the PR title is a poor substitute for the actual PR changes
1921 # but as long as this is used only with dependabot PRs,
2022 # it should be safe to assume that the title is not misleading.
Original file line number Diff line number Diff line change 1414 - name : Check commits
1515 shell : bash
1616 run : |
17+ set -euo pipefail
18+ IFS=$'\n\t'
1719 # Check the commits
1820 commits_json=$(curl -fsSL -H "Authorization: token ${GITHUB_TOKEN}" "${PR_COMMITS_URL}")
1921 echo -n 'Commits: '
4244 - name : Update PR labels
4345 shell : bash
4446 run : |
47+ set -euo pipefail
48+ IFS=$'\n\t'
4549 # Check PR title is a conventional commit message
4650 regexp='^((build|chore|ci|docs|feat|fix|perf|refactor|style|test)(\([a-zA-Z0-9\-]+\))?)!?: .*$'
4751 if ! [[ "${PR_TITLE}" =~ ${regexp} ]] ; then
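Review bot: The commit check at new line 20 reads a single response from `${PR_COMMITS_URL}`, so it may see only the first page of the pull request's commits. GitHub's REST list endpoints return 30 items per page unless `per_page` is set, and the URL's query string is not visible here, so this needs confirming. If no page size is given, a commit beyond the first page would never reach the check; requesting `per_page=100` and failing when the returned count hits that limit would close the gap. The rest of this run script lies outside the lines shown.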
Original file line number Diff line number Diff line change 1414 steps :
1515 - name : Check the versions
1616 shell : bash
17- run : docker run --pull always -t --user root --entrypoint /bin/sh "leplusorg/${GITHUB_REPOSITORY#*/docker-}:main" -c 'dnf upgrade -y | tee -a /dev/stderr | grep -q -v -e "^Nothing to do." && exit 1'
17+ run : |
18+ set -euo pipefail
19+ IFS=$'\n\t'
20+ docker run --pull always -t --user root --entrypoint /bin/sh "leplusorg/${GITHUB_REPOSITORY#*/docker-}:main" -c 'if dnf upgrade -y | tee -a /dev/stderr | grep -q -v -e "^Nothing to do."; then exit 1; fi'
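Review bot: The strict mode added at new lines 18-19 applies only to the runner's bash, not to the `/bin/sh -c '…'` script that runs inside the container, so the exit status of `dnf upgrade -y` is still discarded by the inner pipeline. If dnf fails without writing to stdout (for example an error reported only on stderr), `grep` receives nothing, the `if` is not taken and the step passes, so the freshness check fails open. Capturing the output and testing dnf's status before grepping, e.g. `out=$(dnf upgrade -y) || exit 2`, keeps that failure visible. The same pattern is in the `pip3 list --outdated` and `pipx upgrade-all` steps of the last two files.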
Original file line number Diff line number Diff line change @@ -19,10 +19,16 @@ jobs:
1919 steps :
2020 - name : Set IMAGE
2121 shell : bash
22- run : echo "IMAGE=${GITHUB_REPOSITORY#*/docker-}" >> "${GITHUB_ENV}"
22+ run : |
23+ set -euo pipefail
24+ IFS=$'\n\t'
25+ echo "IMAGE=${GITHUB_REPOSITORY#*/docker-}" >> "${GITHUB_ENV}"
2326 - uses : actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
2427 - name : Set SOURCE_DATE_EPOCH
25- run : echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> "${GITHUB_ENV}"
28+ run : |
29+ set -euo pipefail
30+ IFS=$'\n\t'
31+ echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> "${GITHUB_ENV}"
2632 - uses : docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
2733 - uses : docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
2834 - uses : docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
3743 - name : Test the Docker image
3844 working-directory : ${{ env.IMAGE }}
3945 shell : bash
40- run : docker compose -f docker-compose.test.yml run sut
46+ run : |
47+ set -euo pipefail
48+ IFS=$'\n\t'
49+ docker compose -f docker-compose.test.yml run sut
4150 - uses : docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
4251 if : github.ref == 'refs/heads/main'
4352 with :
6473 TAGS : ${{ steps.meta.outputs.tags }}
6574 shell : bash
6675 run : |
76+ set -euo pipefail
77+ IFS=$'\n\t'
6778 images=""
6879 for tag in ${TAGS}; do
6980 images+="${tag}@${DIGEST} "
7485 if : github.ref == 'refs/heads/main'
7586 shell : bash
7687 run : |
88+ set -euo pipefail
89+ IFS=$'\n\t'
7790 # shellcheck disable=SC2086
7891 VERSION="$(\grep ${IMAGE}/Dockerfile -e '^FROM' | \head -n 1 | \sed -e 's/@.*$//; s/^.*://;')"
7992 if [[ "${VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]\-minimal$ ]] ; then
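Review bot: Setting `IFS=$'\n\t'` at new lines 76-77 changes how the space-joined `images` string built at new lines 78-80 is split afterwards. With space no longer in IFS, an unquoted `${images}` expands to a single argument holding every `tag@digest` entry plus a trailing space; the command that consumes it is outside the lines shown, so confirm how it is passed to the signing step. An array does not depend on IFS: `images=()`, `images+=("${tag}@${DIGEST}")`, and `"${images[@]}"` at the call site. The same loop appears in the next file at new lines 68-70.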
Original file line number Diff line number Diff line change @@ -16,10 +16,16 @@ jobs:
1616 steps :
1717 - name : Set IMAGE
1818 shell : bash
19- run : echo "IMAGE=${GITHUB_REPOSITORY#*/docker-}" >> "${GITHUB_ENV}"
19+ run : |
20+ set -euo pipefail
21+ IFS=$'\n\t'
22+ echo "IMAGE=${GITHUB_REPOSITORY#*/docker-}" >> "${GITHUB_ENV}"
2023 - uses : actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
2124 - name : Set SOURCE_DATE_EPOCH
22- run : echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> "${GITHUB_ENV}"
25+ run : |
26+ set -euo pipefail
27+ IFS=$'\n\t'
28+ echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> "${GITHUB_ENV}"
2329 - uses : docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
2430 - uses : docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
2531 - uses : docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
5763 TAGS : ${{ steps.meta.outputs.tags }}
5864 shell : bash
5965 run : |
66+ set -euo pipefail
67+ IFS=$'\n\t'
6068 images=""
6169 for tag in ${TAGS}; do
6270 images+="${tag}@${DIGEST} "
Original file line number Diff line number Diff line change @@ -20,17 +20,28 @@ jobs:
2020 steps :
2121 - name : Set IMAGE
2222 shell : bash
23- run : echo "IMAGE=${GITHUB_REPOSITORY#*/docker-}" >> "${GITHUB_ENV}"
23+ run : |
24+ set -euo pipefail
25+ IFS=$'\n\t'
26+ echo "IMAGE=${GITHUB_REPOSITORY#*/docker-}" >> "${GITHUB_ENV}"
2427 - uses : actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
2528 - name : Pull the ${{ matrix.tag }} ${{ matrix.platform }} image
2629 shell : bash
27- run : docker pull --platform "${{ matrix.platform }}" "${GITHUB_REPOSITORY_OWNER}/${IMAGE}:${{ matrix.tag }}"
30+ run : |
31+ set -euo pipefail
32+ IFS=$'\n\t'
33+ docker pull --platform "${{ matrix.platform }}" "${GITHUB_REPOSITORY_OWNER}/${IMAGE}:${{ matrix.tag }}"
2834 - name : Pull the ${{ matrix.tag }} ${{ matrix.platform }} image SBOM
2935 shell : bash
30- run : docker buildx imagetools inspect "${GITHUB_REPOSITORY_OWNER}/${IMAGE}:${{ matrix.tag }}" --format "{{ json (index .SBOM \"${{ matrix.platform }}\").SPDX }}"
36+ run : |
37+ set -euo pipefail
38+ IFS=$'\n\t'
39+ docker buildx imagetools inspect "${GITHUB_REPOSITORY_OWNER}/${IMAGE}:${{ matrix.tag }}" --format "{{ json (index .SBOM \"${{ matrix.platform }}\").SPDX }}"
3140 - name : Install cosign
3241 uses : sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
3342 - name : Verify the ${{ matrix.tag }} image signature
3443 shell : bash
3544 run : |
45+ set -euo pipefail
46+ IFS=$'\n\t'
3647 cosign verify "${GITHUB_REPOSITORY_OWNER}/${IMAGE}:${{ matrix.tag }}" --certificate-identity-regexp "https://github\.com/${GITHUB_REPOSITORY}/\.github/workflows/.+" --certificate-oidc-issuer 'https://token.actions.githubusercontent.com'
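Review bot: The `--certificate-identity-regexp` value at new line 47 has no `^` anchor, and to my knowledge cosign evaluates it as a Go regular expression, which matches anywhere in the identity string unless anchored. Anchoring narrows what is accepted: `--certificate-identity-regexp "^https://github\.com/${GITHUB_REPOSITORY}/\.github/workflows/.+"`. The trailing `.+` also accepts any workflow file and any ref in the repository; if only one release workflow on one branch signs images, the pattern could name it explicitly. A comment above the command stating which signer identities are expected would make the intent reviewable.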
Original file line number Diff line number Diff line change 1515 - name : Check the versions
1616 shell : bash
1717 # FIXME @TL workaround until Amazon Linux gets a pipx package
18- run : docker run --pull always -t --user root --entrypoint /bin/sh "leplusorg/${GITHUB_REPOSITORY#*/docker-}:main" -c 'pip3 list --outdated | tee -a /dev/stderr | grep -q -e "^pipx " && exit 1'
18+ run : |
19+ set -euo pipefail
20+ IFS=$'\n\t'
21+ docker run --pull always -t --user root --entrypoint /bin/sh "leplusorg/${GITHUB_REPOSITORY#*/docker-}:main" -c 'if pip3 list --outdated | tee -a /dev/stderr | grep -q -e "^pipx "; then exit 1; fi'
Original file line number Diff line number Diff line change 1414 steps :
1515 - name : Check the versions
1616 shell : bash
17- run : docker run --pull always -t --user root --entrypoint /bin/sh "leplusorg/${GITHUB_REPOSITORY#*/docker-}:main" -c 'pipx upgrade-all --global | tee -a /dev/stderr | grep -q -e . && exit 1'
17+ run : |
18+ set -euo pipefail
19+ IFS=$'\n\t'
20+ docker run --pull always -t --user root --entrypoint /bin/sh "leplusorg/${GITHUB_REPOSITORY#*/docker-}:main" -c 'if sudo pipx upgrade-all --global | tee -a /dev/stderr | grep -q -e .; then exit 1; fi'
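Review bot: The new inner command puts `sudo` in front of `pipx upgrade-all --global` although the container is already started with `--user root`. If `sudo` is not installed in the image (not visible here), the shell reports the error on stderr, nothing reaches `grep -q -e .`, the `if` is not taken and the step exits 0, so the outdated-package check would pass without having run. Dropping `sudo` removes that dependency: `if pipx upgrade-all --global | tee -a /dev/stderr | grep -q -e .; then exit 1; fi`.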