Denis Pisarev
1 week ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with
13 additions and
13 deletions
-
.github/workflows/hadolint.yml
-
.github/workflows/release.yml
-
.github/workflows/zizmor.yml
|
|
|
@ -30,14 +30,6 @@ jobs: |
|
|
|
driver-opts: | |
|
|
|
network=host |
|
|
|
|
|
|
|
# Download hadolint - https://github.com/hadolint/hadolint/releases |
|
|
|
- name: Download hadolint |
|
|
|
run: | |
|
|
|
sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${HADOLINT_VERSION}/hadolint-$(uname -s)-$(uname -m) -o /usr/local/bin/hadolint && \ |
|
|
|
sudo chmod +x /usr/local/bin/hadolint |
|
|
|
env: |
|
|
|
HADOLINT_VERSION: 2.14.0 |
|
|
|
# End Download hadolint |
|
|
|
# Checkout the repo |
|
|
|
- name: Checkout |
|
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
|
|
|
@ -46,8 +38,17 @@ jobs: |
|
|
|
# End Checkout the repo |
|
|
|
|
|
|
|
# Test Dockerfiles with hadolint |
|
|
|
- name: Run hadolint |
|
|
|
run: hadolint docker/Dockerfile.{debian,alpine} |
|
|
|
# Uses the Docker-based action (hadolint pre-bundled in ghcr.io/hadolint/hadolint:v2.14.0-debian) |
|
|
|
# so no binary is downloaded at runtime. Pinned by commit SHA for supply-chain safety. |
|
|
|
- name: Run hadolint on Dockerfile.debian |
|
|
|
uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0 |
|
|
|
with: |
|
|
|
dockerfile: docker/Dockerfile.debian |
|
|
|
|
|
|
|
- name: Run hadolint on Dockerfile.alpine |
|
|
|
uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0 |
|
|
|
with: |
|
|
|
dockerfile: docker/Dockerfile.alpine |
|
|
|
# End Test Dockerfiles with hadolint |
|
|
|
|
|
|
|
# Test Dockerfiles with docker build checks |
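Review bot: The new comment above the two `hadolint/hadolint-action` steps says no binary is downloaded at runtime, but a Docker-based action still has its container image built or pulled on the runner when the job runs. The commit SHA pins the contents of the action repository, not the image layers. If the action's Dockerfile references `ghcr.io/hadolint/hadolint:v2.14.0-debian` by tag, as the comment does (the Dockerfile is not visible here), the hadolint binary is still resolved through a mutable tag. I would check whether that reference carries a digest and reword the comment to something like `# Action pinned by commit SHA; the hadolint image itself is pulled from ghcr.io at job time`.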
|
|
|
|
|
|
|
@ -185,7 +185,6 @@ jobs: |
|
|
|
id: bake_vw |
|
|
|
uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0 |
|
|
|
env: |
|
|
|
BASE_TAGS: "${{ steps.determine-version.outputs.BASE_TAGS }}" |
|
|
|
SOURCE_COMMIT: "${{ env.SOURCE_COMMIT }}" |
|
|
|
SOURCE_VERSION: "${{ env.SOURCE_VERSION }}" |
|
|
|
SOURCE_REPOSITORY_URL: "${{ env.SOURCE_REPOSITORY_URL }}" |
|
|
|
@ -247,7 +246,7 @@ jobs: |
|
|
|
|
|
|
|
merge-manifests: |
|
|
|
name: Merge manifests |
|
|
|
runs-on: ubuntu-latest |
|
|
|
runs-on: ubuntu-24.04 |
|
|
|
needs: docker-build |
|
|
|
environment: release |
|
|
|
permissions: |
|
|
|
|
|
|
|
@ -14,7 +14,7 @@ on: |
|
|
|
jobs: |
|
|
|
zizmor: |
|
|
|
name: Run zizmor |
|
|
|
runs-on: ubuntu-latest |
|
|
|
runs-on: ubuntu-24.04 |
|
|
|
permissions: |
|
|
|
security-events: write # To write the security report |
|
|
|
steps: |
|
|
|
|