Skip to content

Build & Scan Portage CD Images #35

Build & Scan Portage CD Images

Build & Scan Portage CD Images #35

Workflow file for this run

name: Build portage
run-name: "Build & Scan Portage CD Images"
permissions:
contents: read
checks: write
packages: write
on:
workflow_dispatch:
push:
branches:
- 'main'
tags: [ '*' ]
pull_request:
branches:
- main
jobs:
image_delivery:
runs-on: ubuntu-latest
name: Build Image with Docker Action
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/checkout@v4
- name: Set outputs
id: vars
run: |
image_repo=ghcr.io/easy-up/portage
image_tag=${GITHUB_SHA::8}
# If on a git tag like vx.x.x, change the image tag to reflect
if [[ $GITHUB_REF == refs/tags/v* ]]; then
image_tag=${GITHUB_REF/refs\/tags\//}
fi
# Image Names
echo "image_name=$image_repo:$image_tag" >> $GITHUB_OUTPUT
echo "podman_image_name=$image_repo:podman-$image_tag" >> $GITHUB_OUTPUT
# Build Variables
echo "version=$(git describe --tags)" >> $GITHUB_OUTPUT
echo "git_commit=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
echo "git_description=$(git log -1 --pretty=%B | head -n 1)" >> $GITHUB_OUTPUT
- name: Build and push
uses: docker/build-push-action@v5
with:
push: true
tags: ${{ steps.vars.outputs.image_name }}
build-args: "VERSION=${{ steps.vars.outputs.version }},GIT_COMMIT=${{ steps.vars.outputs.git_commit }},GIT_DESCRIPTION=${{ steps.vars.outputs.git_description }}"
- name: Build and push podman target
uses: docker/build-push-action@v5
with:
push: true
tags: ${{ steps.vars.outputs.podman_image_name }}
build-args: "VERSION=${{ steps.vars.outputs.version }},GIT_COMMIT=${{ steps.vars.outputs.git_commit }},GIT_DESCRIPTION=${{ steps.vars.outputs.git_description }}"
target: portage-podman
- name: Run Portage CD Scans
uses: easy-up/portage-cd-actions/image-build-scan-publish/docker@main
with:
image_build_enabled: false
image_publish_enabled: false
tag: ${{ steps.vars.outputs.image_name }}
build_args: "VERSION=${{ steps.vars.outputs.version }},GIT_COMMIT=${{ steps.vars.outputs.git_commit }},GIT_DESCRIPTION=${{ steps.vars.outputs.git_description }}"
- name: job summary
shell: bash
run: |
echo "## Docker Action Image Build and Push Summary" >> $GITHUB_STEP_SUMMARY
echo ":white_check_mark: Image (Docker CLI): ${{ steps.vars.outputs.image_name }}" >> $GITHUB_STEP_SUMMARY
echo ":white_check_mark: Image (Podman CLI): ${{ steps.vars.outputs.podman_image_name }}" >> $GITHUB_STEP_SUMMARY