Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci: halt failing release #794

Merged
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
130 changes: 65 additions & 65 deletions .github/workflows/release-images.yaml
Original file line number Diff line number Diff line change
@@ -1,74 +1,74 @@
name: Release container images
# name: Release container images

on:
pull_request:
types: [closed]
branches:
- master
# on:
# pull_request:
# types: [closed]
# branches:
# - master

env:
APPLICATION_NAME: redis-operator
QuayImageName: quay.io/opstree/redis-operator
APP_VERSION: "v0.15.2"
DOCKERFILE_PATH: './Dockerfile'
# env:
# APPLICATION_NAME: redis-operator
# QuayImageName: quay.io/opstree/redis-operator
# APP_VERSION: "v0.15.2"
# DOCKERFILE_PATH: './Dockerfile'

jobs:
release_image:
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
environment: release-image
steps:
- name: Checkout
uses: actions/checkout@v2
# jobs:
# release_image:
# if: github.event.pull_request.merged == true
# runs-on: ubuntu-latest
# environment: release-image
# steps:
# - name: Checkout
# uses: actions/checkout@v2

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
# - name: Set up Docker Buildx
# uses: docker/setup-buildx-action@v2

- name: Set up QEMU
uses: docker/setup-qemu-action@v3
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v3

- name: Login to Quay.io
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }}
# - name: Login to Quay.io
# uses: docker/login-action@v3
# with:
# registry: quay.io
# username: ${{ secrets.QUAY_USERNAME }}
# password: ${{ secrets.QUAY_PASSWORD }}

- name: Build and push multi-arch latest image
uses: docker/build-push-action@v2
with:
context: .
file: ${{ env.DOCKERFILE_PATH }}
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ env.QuayImageName }}:${{ env.APP_VERSION }}, ${{ env.QuayImageName }}:latest
# - name: Build and push multi-arch latest image
# uses: docker/build-push-action@v2
# with:
# context: .
# file: ${{ env.DOCKERFILE_PATH }}
# platforms: linux/amd64,linux/arm64
# push: true
# tags: ${{ env.QuayImageName }}:${{ env.APP_VERSION }}, ${{ env.QuayImageName }}:latest

trivy_scan:
needs: [release_image]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Run Trivy vulnerability scanner for arm64 image
uses: aquasecurity/trivy-action@master
# trivy_scan:
# needs: [release_image]
# runs-on: ubuntu-latest
# steps:
# - name: Checkout
# uses: actions/checkout@v2
# - name: Run Trivy vulnerability scanner for arm64 image
# uses: aquasecurity/trivy-action@master

- name: Run Trivy vulnerability scanner for multi-arch image
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.QuayImageName }}:${{ env.APP_VERSION }}
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results-latest.sarif'
exit-code: '1'
ignore-unfixed: true
severity: 'CRITICAL,HIGH'
- name: Run Trivy vulnerability scanner for latest image
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.QuayImageName }}:latest
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results-latest.sarif'
exit-code: '1'
ignore-unfixed: true
severity: 'CRITICAL,HIGH'
# - name: Run Trivy vulnerability scanner for multi-arch image
# uses: aquasecurity/trivy-action@master
# with:
# image-ref: ${{ env.QuayImageName }}:${{ env.APP_VERSION }}
# format: 'template'
# template: '@/contrib/sarif.tpl'
# output: 'trivy-results-latest.sarif'
# exit-code: '1'
# ignore-unfixed: true
# severity: 'CRITICAL,HIGH'
# - name: Run Trivy vulnerability scanner for latest image
# uses: aquasecurity/trivy-action@master
# with:
# image-ref: ${{ env.QuayImageName }}:latest
# format: 'template'
# template: '@/contrib/sarif.tpl'
# output: 'trivy-results-latest.sarif'
# exit-code: '1'
# ignore-unfixed: true
# severity: 'CRITICAL,HIGH'
Loading