From e921541c7a3ae786b0482436c9ef9119a951176e Mon Sep 17 00:00:00 2001
From: Akos Pasztor
Date: Mon, 12 Feb 2024 10:11:19 +0100
Subject: [PATCH] Add basic docker image test
---
 .github/workflows/ci-docker-image.yml | 44 +++++++++++++++++++++------
 script/test-gcc-version.sh | 17 +++++++++++
 2 files changed, 52 insertions(+), 9 deletions(-)
 create mode 100755 script/test-gcc-version.sh
diff --git a/.github/workflows/ci-docker-image.yml b/.github/workflows/ci-docker-image.yml
index a12751a..9e18777 100644
--- a/.github/workflows/ci-docker-image.yml
+++ b/.github/workflows/ci-docker-image.yml
@@ -2,6 +2,7 @@ name: Docker Image CI
 on: push
 env:
 DOCKERHUB_USER: akospasztor
+ DOCKER_IMAGE_NAME: akospasztor/docker-gcc-arm

 jobs:
 build:
@@ -11,16 +12,16 @@ jobs:
 os: [linux]
 include:
 - os: linux
- runner: ubuntu-20.04
+ runner: ubuntu-latest
 runs-on: ${{ matrix.runner }}
 steps:
 - name: Checkout repository
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
 - name: Setup docker buildx
 id: buildx
- uses: docker/setup-buildx-action@v1
+ uses: docker/setup-buildx-action@v3
 - name: Cache docker layers
- uses: actions/cache@v2
+ uses: actions/cache@v3
 with:
 path: /tmp/.buildx-cache
 key: ${{ runner.os }}-buildx-${{ matrix.version }}-${{ github.sha }}
@@ -29,9 +30,9 @@ jobs:
 ${{ runner.os }}-buildx-
 - name: Docker metadata
 id: docker_meta
- uses: docker/metadata-action@v3
+ uses: docker/metadata-action@v5
 with:
- images: akospasztor/docker-gcc-arm
+ images: ${{ env.DOCKER_IMAGE_NAME }}
 flavor: |
 prefix=${{ matrix.version }}-${{ matrix.os }}-
 latest=false
@@ -39,16 +40,41 @@ jobs:
 type=raw,value=latest
 type=semver,pattern={{version}}
 - name: Login to dockerhub
- uses: docker/login-action@v1
+ uses: docker/login-action@v3
 with:
 username: ${{ env.DOCKERHUB_USER }}
 password: ${{ secrets.DOCKERHUB_PAT }}
 - name: Build docker image
 id: docker_build
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@v5
 with:
 context: ./${{ matrix.version }}/${{ matrix.os }}
- push: ${{ contains(github.ref, 'refs/tags/') }}
+ load: true
+ push: false
+ tags: ${{ steps.docker_meta.outputs.tags }}
+ labels: ${{ steps.docker_meta.outputs.labels }}
+ builder: ${{ steps.buildx.outputs.name }}
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache
+ - name: Test docker image
+ run: >
+ docker run --rm -i --env GCC_VERSION=${{ matrix.version }}
+ ${{ env.DOCKER_IMAGE_NAME }}:${{ steps.docker_meta.outputs.version }}
+ < script/test-gcc-version.sh
+ - name: Search for vulnerabilities with docker scout
+ uses: docker/scout-action@v1
+ with:
+ command: cves
+ image: ${{ env.DOCKER_IMAGE_NAME }}:${{ steps.docker_meta.outputs.version }}
+ only-severities: critical, high
+ only-fixed: true
+ summary: true
+ - name: Push docker image
+ if: ${{ contains(github.ref, 'refs/tags/') }}
+ uses: docker/build-push-action@v5
+ with:
+ context: ./${{ matrix.version }}/${{ matrix.os }}
+ push: true
 tags: ${{ steps.docker_meta.outputs.tags }}
 labels: ${{ steps.docker_meta.outputs.labels }}
 builder: ${{ steps.buildx.outputs.name }}
diff --git a/script/test-gcc-version.sh b/script/test-gcc-version.sh
new file mode 100755
index 0000000..02adfe4
--- /dev/null
+++ b/script/test-gcc-version.sh
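Review bot: The docker scout step (`Search for vulnerabilities with docker scout`) only reports, so on a tag build the later `Push docker image` step still pushes an image in which critical or high CVEs were found; setting the action's `exit-code: true` input would fail the job before the push, and `only-fixed: true` additionally suppresses findings that have no fix yet, which deserves a comment on that line. The `Test docker image` step feeds the script on stdin via `docker run -i`, which only works if the image's default command is a shell reading stdin — that is not visible here, so a comment such as `# image CMD must be a shell: the test script arrives on stdin` would help the next maintainer. The push step rebuilds the image instead of pushing the one that was tested and scanned; unless its `with:` block, which continues past the end of the hunk, reuses the same `cache-from`, the pushed layers need not match what was verified. The new `docker/scout-action@v1` and the bumped `uses:` references are mutable major tags; pinning each to a full commit SHA with a trailing version comment fixes the workflow's supply chain.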
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# This tiny script verifies that the installed GCC version is correct by
+# comparing the installed GCC version to the version passed via an
+# environmental variable.
+# The script exits with 0 (OK) if the installed GCC version is correct and
+# exits with 1 (error) if either the environmental variable is not set or the
+# installed version does not match the value of the environmental variable.
+
+[[ -z $GCC_VERSION ]] && exit 1
+
+if arm-none-eabi-gcc --version | grep "$GCC_VERSION"
+then
+ exit 0
+else
+ exit 1
+fi
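Review bot: `[[ -z $GCC_VERSION ]] && exit 1` below the header comment is a bash/ksh construct under a `#!/bin/sh` shebang; on a POSIX `sh` such as dash, `[[` is not a command, the test fails with "not found" and the `&& exit 1` never runs, so a missing `GCC_VERSION` is not rejected as the comment promises. The shebang is moot anyway, because the workflow pipes this file into `docker run -i` and whatever shell the image runs interprets it; the portable form is `[ -z "$GCC_VERSION" ] && exit 1`. The `grep "$GCC_VERSION"` check treats the version as a regular expression and accepts any substring, so `10.3` also matches `1043` or `10.3.1`; `grep -F -- "$GCC_VERSION"` at least removes the regex interpretation, and anchoring the match to the version line would make the test stricter. A one-line comment stating that the script is executed by the container's shell, not by the shebang, would also prevent the next person from "fixing" it to bash.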