Skip to content

Build base-image

Build base-image #611

# Copyright (c) 2022-2024 Contributors to the Eclipse Foundation
#
# This program and the accompanying materials are made available under the
# terms of the Apache License, Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0.
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# SPDX-License-Identifier: Apache-2.0
name: Build base-image
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
on:
schedule:
- cron: '0 5 * * 0'
workflow_dispatch:
push:
# Run only on branches/commits and not tags
branches:
- main
pull_request:
branches:
- main
jobs:
build-image:
name: Building image
outputs:
tag: ${{ steps.get-tag.outputs.tag }}
runs-on: ubuntu-22.04
strategy:
matrix:
image: [base, python, cpp]
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Run Linters
uses: pre-commit/[email protected]
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: v0.9.0
- name: Get image tag
id: get-tag
shell: bash
run: |
TAGS=${{ github.sha }}
if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
TAGS="${TAGS},latest"
fi
echo "tag=${{ github.sha }}" >> $GITHUB_OUTPUT
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
- id: github-repository-name-case-adjusted
name: Prepare repository name in lower case for docker upload.
uses: ASzc/change-string-case-action@v6
with:
string: ${{ github.repository }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build image and push
id: image_build
uses: devcontainers/[email protected]
with:
imageName: ghcr.io/${{ steps.github-repository-name-case-adjusted.outputs.lowercase }}/${{ matrix.image }}
imageTag: ${{ steps.get-tag.outputs.tags }}
push: always
platform: linux/amd64,linux/arm64
noCache: true
subFolder: ./Dockerfiles/${{ matrix.image }}/
generate-sbom:
name: Generate SBOM
runs-on: ubuntu-22.04
needs: [build-image]
if: github.ref == 'refs/heads/main'
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- name: Install Syft
run: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
- name: Generate SBOM
run: |
architectures=(arm64 amd64)
languages=(cpp python)
for arch in "${architectures[@]}"
do
for lang in "${languages[@]}"
do
syft --platform $arch \
-o template=SBOM/Markdown/$lang\_$arch.md -t templates/SBOM_md.tmpl \
-o [email protected]=SBOM/SPDX/$lang\_$arch.spdx.json \
-o cyclonedx-json=SBOM/CycloneDX/$lang\_$arch.cyclonedx.json \
ghcr.io/${{ github.repository }}/$lang:${{ needs.build-image.outputs.tag }}
done
done
# fix for different SPDX versions
sed -i -e 's/PACKAGE-MANAGER/PACKAGE_MANAGER/g' SBOM/SPDX/*.spdx.json
- name: Upload SBOM as artifact
uses: actions/upload-artifact@v4
with:
name: SBOM
path: |
SBOM/*
- uses: EndBug/add-and-commit@v9
id: push-changes
with:
message: 'Updated SBOM'
new_branch: sbom
push: origin sbom --set-upstream --force