
Fix protoc install vulnerability #877


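# Builds the kuksa.val server container image (linux/amd64 and linux/arm64)
# from ./kuksa-val-server/docker/Dockerfile.
#   * Non-PR events with secrets available: push to ghcr.io and to ttl.sh.
#   * Pull requests, or no secrets available: push to ttl.sh only.
#
# NOTE(review): every `uses:` below references a mutable major-version tag
# (v2/v3/v4). Pinning each action to a full commit SHA keeps a re-tagged or
# compromised release from changing what runs here.
name: kuksa_val_docker
on:
  push:
    branches: [master]
  pull_request:
    branches: [master]
    paths-ignore:
      - ".github/workflows/kuksa_databroker_build.yml"
      - "kuksa_databroker/**"
      - "kuksa_go_client/**"
      - "kuksa_client/**"
      - "Cargo.*"
      - "Cross.toml"
  workflow_dispatch:
jobs:
  checkrights:
    uses: ./.github/workflows/check_push_rights.yml
    # NOTE(review): `inherit` hands every secret of this workflow to the called
    # workflow. If check_push_rights.yml only needs a few, pass them by name.
    secrets: inherit
  build:
    # NOTE(review): this job also runs for pull_request events, so the PR's
    # Dockerfile and build context are built on the self-hosted runner. If fork
    # PRs are accepted, confirm the runner is ephemeral and isolated from
    # internal networks and long-lived credentials.
    runs-on: [self-hosted]
    needs: checkrights
    # Scope GITHUB_TOKEN for this job to what the steps use: repository read
    # for checkout, package write for the ghcr.io push.
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v3
        with:
          submodules: recursive
          # The whole work tree (including .git) is the Docker build context
          # and the image is pushed to a public registry. Do not leave the
          # job token behind in .git/config after checkout.
          persist-credentials: false
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v4
        with:
          # list of Docker images to use as base name for tags
          images: |
            ghcr.io/eclipse/kuksa.val/kuksa-val
          # generate Docker tags based on the following events/attributes
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
      - name: Log in to the Container registry
        if: needs.checkrights.outputs.have_secrets == 'true'
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # Push to ghcr.io only if we have rights AND this is not a PR. Current
      # settings in the Eclipse organisation do not seem to allow us to ever
      # delete pushed images, so try not to push PR images.
      - name: Build kuksa.val server container and push to ghcr.io
        if: ${{ needs.checkrights.outputs.have_secrets == 'true' && github.event_name != 'pull_request' }}
        uses: docker/build-push-action@v4
        with:
          platforms: |
            linux/amd64
            linux/arm64
          file: ./kuksa-val-server/docker/Dockerfile
          context: .
          push: true
          tags: |
            ${{ steps.meta.outputs.tags }}
            ttl.sh/kuksa.val/kuksa-server-${{github.sha}}
          labels: ${{ steps.meta.outputs.labels }}
      # Fallback for PRs and for runs without secrets: no ghcr.io push.
      # NOTE(review): ttl.sh is an anonymous public registry and the image
      # name is derived from the commit SHA. Treat images pulled from it as
      # untrusted test artifacts, not as release candidates.
      - name: Build ephemereal kuksa-val docker and push to ttl.sh
        if: ${{ needs.checkrights.outputs.have_secrets == 'false' || github.event_name == 'pull_request' }}
        uses: docker/build-push-action@v4
        with:
          platforms: |
            linux/amd64
            linux/arm64
          file: ./kuksa-val-server/docker/Dockerfile
          context: .
          push: true
          tags: ttl.sh/kuksa.val/kuksa-server-${{github.sha}}
          labels: ${{ steps.meta.outputs.labels }}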