Workflow adjustments:

- Add `paths-ignore` filters to all Docker build workflows
- Remove security workflow (CVEs should be fixed by Alpine)
This commit is contained in:
Quentin McGaw
2020-05-29 10:20:45 +00:00
parent 3f6d3d7c2a
commit c85cca7fdc
5 changed files with 58 additions and 53 deletions

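--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -2,6 +2,28 @@ name: Docker build
 on:
 pull_request:
 branches: [master]
+paths-ignore:
+- .devcontainer
+- .github/ISSUE_TEMPLATE
+- .github/workflows/buildx-release.yml
+- .github/workflows/buildx-branch.yml
+- .github/workflows/buildx-latest.yml
+- .github/workflows/dockerhub-description.yml
+- .github/workflows/labels.yml
+- .github/workflows/misspell.yml
+- .github/CODEOWNERS
+- .github/CONTRIBUTING.md
+- .github/FUNDING.yml
+- .github/labels.yml
+- .vscode
+- cmd/ovpnparser
+- cmd/resolver
+- doc
+- .gitignore
+- docker-compose.yml
+- LICENSE
+- README.md
+- title.svg
 jobs:
 build:
 runs-on: ubuntu-latest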
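Review bot: The directory entries in the new `paths-ignore` list (`.devcontainer`, `.github/ISSUE_TEMPLATE`, `.vscode`, `cmd/ovpnparser`, `cmd/resolver`, `doc`) are glob patterns matched against each changed file's full path, and as far as I can tell a bare name only matches a file of exactly that name, so edits under those directories would still trigger the build; the documented directory form is `- doc/**` (likewise `cmd/ovpnparser/**`, `.devcontainer/**`). Before skipping the build on `cmd/ovpnparser` and `cmd/resolver`, confirm the Dockerfile (not visible here) does not compile those packages into the image, otherwise image-affecting changes bypass CI. Also, if `build` is a required status check on `master`, a pull request touching only ignored paths leaves the check pending instead of passing, which blocks merging; a comment above the list such as `# Skipped PRs leave the required 'build' check pending; keep in sync with buildx-*.yml` would save the next maintainer the surprise.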


@@ -6,13 +6,22 @@ on:
- '*/*' - '*/*'
- '!master' - '!master'
paths-ignore: paths-ignore:
- .devcontainer
- .github/ISSUE_TEMPLATE
- .github/workflows/build.yml
- .github/workflows/buildx-release.yml - .github/workflows/buildx-release.yml
- .github/workflows/buildx-latest.yml
- .github/workflows/dockerhub-description.yml - .github/workflows/dockerhub-description.yml
- .github/workflows/greetings.yml
- .github/workflows/labels.yml - .github/workflows/labels.yml
- .github/workflows/misspell.yml - .github/workflows/misspell.yml
- .github/workflows/security.yml - .github/CODEOWNERS
- .dockerignore - .github/CONTRIBUTING.md
- .github/FUNDING.yml
- .github/labels.yml
- .vscode
- cmd/ovpnparser
- cmd/resolver
- doc
- .gitignore - .gitignore
- docker-compose.yml - docker-compose.yml
- LICENSE - LICENSE


@@ -3,13 +3,22 @@ on:
push: push:
branches: [master] branches: [master]
paths-ignore: paths-ignore:
- .devcontainer
- .github/ISSUE_TEMPLATE
- .github/workflows/build.yml
- .github/workflows/buildx-branch.yml
- .github/workflows/buildx-release.yml - .github/workflows/buildx-release.yml
- .github/workflows/dockerhub-description.yml - .github/workflows/dockerhub-description.yml
- .github/workflows/greetings.yml
- .github/workflows/labels.yml - .github/workflows/labels.yml
- .github/workflows/misspell.yml - .github/workflows/misspell.yml
- .github/workflows/security.yml - .github/CODEOWNERS
- .dockerignore - .github/CONTRIBUTING.md
- .github/FUNDING.yml
- .github/labels.yml
- .vscode
- cmd/ovpnparser
- cmd/resolver
- doc
- .gitignore - .gitignore
- docker-compose.yml - docker-compose.yml
- LICENSE - LICENSE
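Review bot: With `.github/workflows/security.yml` deleted, the image built on every push to `master` (the jobs are outside this hunk) is no longer scanned, and the commit's rationale that Alpine fixes CVEs only holds once the image is rebuilt after the fix lands — nothing in this workflow triggers a rebuild when Alpine publishes one. The deleted workflow's daily `schedule` run with Trivy was the check that would have flagged an already-published image as stale. Trivy needed only `GITHUB_TOKEN`, so the third-party Phonito step could be dropped while keeping a scheduled Trivy scan of the published tag, or the scan could be folded into this workflow as a step after the build. The `on` block of this workflow begins above the hunk.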


@@ -3,13 +3,22 @@ on:
release: release:
types: [published] types: [published]
paths-ignore: paths-ignore:
- .devcontainer
- .github/ISSUE_TEMPLATE
- .github/workflows/build.yml
- .github/workflows/buildx-branch.yml
- .github/workflows/buildx-latest.yml - .github/workflows/buildx-latest.yml
- .github/workflows/dockerhub-description.yml - .github/workflows/dockerhub-description.yml
- .github/workflows/greetings.yml
- .github/workflows/labels.yml - .github/workflows/labels.yml
- .github/workflows/misspell.yml - .github/workflows/misspell.yml
- .github/workflows/security.yml - .github/CODEOWNERS
- .dockerignore - .github/CONTRIBUTING.md
- .github/FUNDING.yml
- .github/labels.yml
- .vscode
- cmd/ovpnparser
- cmd/resolver
- doc
- .gitignore - .gitignore
- docker-compose.yml - docker-compose.yml
- LICENSE - LICENSE
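Review bot: The entries added here extend a `paths-ignore` block that sits under a `release` trigger, and as far as I know GitHub applies path filters only to `push` and `pull_request` events, so the whole list is inert for this workflow and the new lines add maintenance without changing when it runs. If the intent is just to mirror the other workflows, say so with a comment such as `# NOTE: path filters have no effect on release events; kept only for parity with buildx-*.yml`; otherwise the block can be removed from this file. The `on` block of this workflow begins above the hunk.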

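--- a/.github/workflows/security.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-name: Security scan of Docker image
-on:
-push:
-branches: [master]
-paths-ignore:
-- .github/workflows/buildx-release.yml
-- .github/workflows/dockerhub-description.yml
-- .github/workflows/greetings.yml
-- .github/workflows/labels.yml
-- .github/workflows/misspell.yml
-- .github/workflows/security.yml
-- .dockerignore
-- .gitignore
-- docker-compose.yml
-- LICENSE
-- README.md
-- title.svg
-schedule:
-- cron: '0 9 * * *'
-jobs:
-security-analysis:
-runs-on: ubuntu-latest
-steps:
-- name: Checkout
-uses: actions/checkout@v2
-- name: Check for scratch
-id: scratchCheck
-run: echo ::set-output name=scratch::$(cat Dockerfile | grep 'FROM scratch')
-- name: Build image
-if: steps.scratchCheck.outputs.scratch == ''
-run: docker build -t image .
-- name: Phonito
-if: steps.scratchCheck.outputs.scratch == ''
-uses: phonito/phonito-scanner-action@master
-with:
-image: image
-fail-level: LOW
-phonito-token: ${{ secrets.PHONITO_TOKEN }}
-- name: Trivy
-if: steps.scratchCheck.outputs.scratch == ''
-uses: homoluctus/gitrivy@v1.0.0
-with:
-token: ${{ secrets.GITHUB_TOKEN }}
-image: image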