feat: Adding s390x support in Dockerfile #3
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Push - Regex Detector | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - "README.md" | |
| - "LICENCE" | |
| - "curl.sh" | |
| tags: | |
| - v* | |
| pull_request_target: | |
| paths-ignore: | |
| - "README.md" | |
| - "LICENCE" | |
| - "curl.sh" | |
| types: [labeled, opened, synchronize, reopened] | |
| jobs: | |
| # Ensure that tests pass before publishing a new image. | |
| build-and-push-ci: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| security-events: write | |
| steps: # Assign context variable for various action contexts (tag, main, CI) | |
| - name: Assigning CI context | |
| if: github.head_ref != '' && github.head_ref != 'main' && !startsWith(github.ref, 'refs/tags/v') | |
| run: echo "BUILD_CONTEXT=ci" >> $GITHUB_ENV | |
| - name: Assigning tag context | |
| if: github.head_ref == '' && startsWith(github.ref, 'refs/tags/v') | |
| run: echo "BUILD_CONTEXT=tag" >> $GITHUB_ENV | |
| - name: Assigning main context | |
| if: github.head_ref == '' && github.ref == 'refs/heads/main' | |
| run: echo "BUILD_CONTEXT=main" >> $GITHUB_ENV | |
| # | |
| # Run checkouts | |
| - uses: mheap/github-action-required-labels@v4 | |
| if: env.BUILD_CONTEXT == 'ci' | |
| with: | |
| mode: minimum | |
| count: 1 | |
| labels: "ok-to-test, lgtm, approved" | |
| - uses: actions/checkout@v3 | |
| if: env.BUILD_CONTEXT == 'ci' | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - uses: actions/checkout@v3 | |
| if: env.BUILD_CONTEXT == 'main' || env.BUILD_CONTEXT == 'tag' | |
| # | |
| # Print variables for debugging | |
| - name: Log reference variables | |
| run: | | |
| echo "CONTEXT: ${{ env.BUILD_CONTEXT }}" | |
| echo "GITHUB.REF: ${{ github.ref }}" | |
| echo "GITHUB.HEAD_REF: ${{ github.head_ref }}" | |
| echo "SHA: ${{ github.event.pull_request.head.sha }}" | |
| echo "MAIN IMAGE AT: ${{ vars.QUAY_RELEASE_REPO }}:latest" | |
| echo "CI IMAGE AT: quay.io/trustyai/regex-detector-ci:${{ github.event.pull_request.head.sha }}" | |
| # Set environments depending on context | |
| - name: Set CI environment | |
| if: env.BUILD_CONTEXT == 'ci' | |
| run: | | |
| echo "TAG=${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV | |
| echo "IMAGE_NAME=quay.io/trustyai/regex-detector-ci" >> $GITHUB_ENV | |
| - name: Set main-branch environment | |
| if: env.BUILD_CONTEXT == 'main' | |
| run: | | |
| echo "TAG=latest" >> $GITHUB_ENV | |
| echo "IMAGE_NAME=${{ vars.QUAY_RELEASE_REPO }}" >> $GITHUB_ENV | |
| - name: Set tag environment | |
| if: env.BUILD_CONTEXT == 'tag' | |
| run: | | |
| echo "TAG=${{ github.ref_name }}" >> $GITHUB_ENV | |
| echo "IMAGE_NAME=${{ vars.QUAY_RELEASE_REPO }}" >> $GITHUB_ENV | |
| # | |
| # Run docker commands | |
| - name: Put expiry date on CI-tagged image | |
| if: env.BUILD_CONTEXT == 'ci' | |
| run: echo 'LABEL quay.expires-after=7d#' >> Dockerfile | |
| - name: Build image | |
| run: docker build -t ${{ env.IMAGE_NAME }}:$TAG -f Dockerfile . | |
| - name: Log in to Quay | |
| run: docker login -u ${{ secrets.QUAY_ROBOT_USERNAME }} -p ${{ secrets.QUAY_ROBOT_SECRET }} quay.io | |
| - name: Push to Quay CI repo | |
| run: docker push ${{ env.IMAGE_NAME }}:$TAG | |
| # Leave comment | |
| - uses: peter-evans/find-comment@v3 | |
| name: Find Comment | |
| if: env.BUILD_CONTEXT == 'ci' | |
| id: fc | |
| with: | |
| issue-number: ${{ github.event.pull_request.number }} | |
| comment-author: 'github-actions[bot]' | |
| body-includes: PR image build completed successfully | |
| - uses: peter-evans/create-or-update-comment@v4 | |
| if: env.BUILD_CONTEXT == 'ci' | |
| name: Generate/update success message comment | |
| with: | |
| comment-id: ${{ steps.fc.outputs.comment-id }} | |
| issue-number: ${{ github.event.pull_request.number }} | |
| edit-mode: replace | |
| body: | | |
| PR image build completed successfully! | |
| 📦 [PR image](https://quay.io/trustyai/regex-detector-ci?tab=tags): `quay.io/trustyai/regex-detector-ci:${{ github.event.pull_request.head.sha }}` | |
| - name: Trivy scan | |
| uses: aquasecurity/[email protected] | |
| with: | |
| scan-type: 'image' | |
| image-ref: "${{ env.IMAGE_NAME }}:${{ env.TAG }}" | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| severity: 'MEDIUM,HIGH,CRITICAL' | |
| exit-code: '0' | |
| ignore-unfixed: false | |
| vuln-type: 'os,library' | |
| - name: Update Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'trivy-results.sarif' |