oleg
/
gogs
зеркало из https://github.com/gogs/gogs.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193
							name: Docker
on:
  push:
    branches:
      - main
  pull_request:
    paths:
      - '.trivy.yaml'
      - 'Dockerfile'
      - 'docker/**'
      - '.github/workflows/docker.yml'
  release:
    types: [ published ]

jobs:
  buildx:
    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}
      cancel-in-progress: true
    runs-on: ubuntu-latest
    permissions:
      actions: write
      contents: read
      packages: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
        with:
          platforms: linux/amd64,linux/arm64,linux/arm/v7
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3
      - name: Inspect builder
        run: |
          echo "Name:      ${{ steps.buildx.outputs.name }}"
          echo "Endpoint:  ${{ steps.buildx.outputs.endpoint }}"
          echo "Status:    ${{ steps.buildx.outputs.status }}"
          echo "Flags:     ${{ steps.buildx.outputs.flags }}"
          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GitHub Container registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Login to DigitalOcean Container registry
        uses: docker/login-action@v3
        with:
          registry: registry.digitalocean.com
          username: ${{ secrets.DIGITALOCEAN_USERNAME }}
          password: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
      - name: Build and push images
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          push: true
          tags: |
            gogs/gogs:latest
            ghcr.io/gogs/gogs:latest
            registry.digitalocean.com/gogs/gogs:latest
      - name: Scan for container vulnerabilities
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: gogs/gogs:latest
          exit-code: '1'
      - name: Send email on failure
        uses: dawidd6/action-send-mail@v3
        if: ${{ failure() }}
        with:
          server_address: smtp.mailgun.org
          server_port: 465
          username: ${{ secrets.SMTP_USERNAME }}
          password: ${{ secrets.SMTP_PASSWORD }}
          subject: GitHub Actions (${{ github.repository }}) job result
          to: github-actions-8ce6454@unknwon.io
          from: GitHub Actions (${{ github.repository }})
          reply_to: noreply@unknwon.io
          body: |
            The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".

            View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}

  buildx-pull-request:
    if: ${{ github.event_name == 'pull_request'}}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v2
        with:
          config-inline: |
            [worker.oci]
              max-parallelism = 2
      - name: Inspect builder
        run: |
          echo "Name:      ${{ steps.buildx.outputs.name }}"
          echo "Endpoint:  ${{ steps.buildx.outputs.endpoint }}"
          echo "Status:    ${{ steps.buildx.outputs.status }}"
          echo "Flags:     ${{ steps.buildx.outputs.flags }}"
          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
      - name: Compute short commit SHA
        id: short-sha
        uses: benjlevesque/short-sha@v2.1
      - name: Build and push images
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64
          push: true
          tags: |
            ttl.sh/gogs/gogs-${{ steps.short-sha.outputs.sha }}:1d
      - name: Scan for container vulnerabilities
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: ttl.sh/gogs/gogs-${{ steps.short-sha.outputs.sha }}:1d
          exit-code: '1'

  # Updates to the following section needs to be synced to all release branches within their lifecycles.
  buildx-release:
    if: ${{ github.event_name == 'release' }}
    runs-on: ubuntu-latest
    permissions:
      actions: write
      contents: read
      packages: write
    steps:
      - name: Compute image tag name
        run: echo "IMAGE_TAG=$(echo $GITHUB_REF_NAME | cut -c 2-)" >> $GITHUB_ENV
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
        with:
          platforms: linux/amd64,linux/arm64,linux/arm/v7
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3
      - name: Inspect builder
        run: |
          echo "Name:      ${{ steps.buildx.outputs.name }}"
          echo "Endpoint:  ${{ steps.buildx.outputs.endpoint }}"
          echo "Status:    ${{ steps.buildx.outputs.status }}"
          echo "Flags:     ${{ steps.buildx.outputs.flags }}"
          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GitHub Container registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push images
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          push: true
          tags: |
            gogs/gogs:${{ env.IMAGE_TAG }}
            ghcr.io/gogs/gogs:${{ env.IMAGE_TAG }}
      - name: Send email on failure
        uses: dawidd6/action-send-mail@v3
        if: ${{ failure() }}
        with:
          server_address: smtp.mailgun.org
          server_port: 465
          username: ${{ secrets.SMTP_USERNAME }}
          password: ${{ secrets.SMTP_PASSWORD }}
          subject: GitHub Actions (${{ github.repository }}) job result
          to: github-actions-8ce6454@unknwon.io
          from: GitHub Actions (${{ github.repository }})
          reply_to: noreply@unknwon.io
          body: |
            The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".

            View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}