From f461abf941b6960f4166f187d358fc922044464f Mon Sep 17 00:00:00 2001
From: timo
Date: Tue, 1 Apr 2025 16:10:50 +0200
Subject: [PATCH 1/4] add more image tags and update action

This commit discards the custom script to determine the image tag and uses the docker metadata action instead. Also it adds more tags to the images and updates the metadata action to the latest version.
---
 .github/workflows/docker-image.yml | 25 +++++++++++-------------
 1 file changed, 11 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index 829f6cb..874f2d8 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -45,30 +45,27 @@ jobs:
 
 - uses: rlespinasse/github-slug-action@v4.4.1
 
- - name: Calculate tag
- id: tag
- run: |
- if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then
- TAG="pr-${{ github.event.number }}"
- else
- TAG=${{ github.ref_name }}
- fi
- echo "IMAGE=${{ vars.REGISTRY_URI }}/${{ vars.REGISTRY_ORGANIZATION }}/bbb-webhooks:$TAG" >> $GITHUB_OUTPUT
-
 - name: Docker meta
 id: meta
- uses: docker/metadata-action@v4
+ uses: docker/metadata-action@v5
 with:
- images: ${{ steps.tag.outputs.IMAGE }}
+ images: ${{ vars.REGISTRY_URI }}/${{ vars.REGISTRY_ORGANIZATION }}/bbb-webhooks
+ tags: |
+ type=ref,event=pr
+ type=ref,event=tag
+ type=semver,pattern={{major}}.{{minor}}.{{patch}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}}
+ type=semver,pattern=latest
 
 - name: Build and push image
 uses: docker/build-push-action@v5
 with:
 push: true
- tags: ${{ steps.tag.outputs.IMAGE }}
+ tags: ${{ steps.meta.outputs.tags }}
 context: .
 platforms: linux/amd64
- cache-from: type=registry,ref=${{ steps.tag.outputs.IMAGE }}
+ cache-from: type=registry,ref=${{ steps.meta.outputs.tags }}
 labels: |
 ${{ steps.meta.outputs.labels }}
 

From 52c10b3bf0698bf5d355314b495e4115618c8bbb Mon Sep 17 00:00:00 2001
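Review bot: `cache-from: type=registry,ref=${{ steps.meta.outputs.tags }}` feeds a newline-separated list into a field that takes one image reference, so on tag builds (where the new `tags:` block yields several tags) buildx receives a malformed cache source and is likely to reject it or build without a cache; `steps.meta.outputs.tags` is only safe in the `tags:` input of build-push-action, which accepts a list. The action also exposes the single primary version, so `cache-from: type=registry,ref=${{ vars.REGISTRY_URI }}/${{ vars.REGISTRY_ORGANIZATION }}/bbb-webhooks:${{ steps.meta.outputs.version }}` keeps the old behaviour of caching from the image being built (a fixed cache tag with a matching `cache-to` is the more conventional choice; no `cache-to` is visible in this hunk). `type=semver,pattern=latest` looks redundant, since the action's default `latest=auto` flavor already adds `latest` for non-prerelease semver tags, so that line can be dropped. Both actions are referenced by mutable major-version tags (`docker/metadata-action@v5`); pinning third-party actions to a full commit SHA removes the risk of a tag being retargeted between runs.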
From: timo
Date: Tue, 1 Apr 2025 20:20:59 +0200
Subject: [PATCH 2/4] ignore docker-compose.yml

---
 .dockerignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.dockerignore b/.dockerignore
index c6e6657..1801640 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -10,6 +10,7 @@
 *swo
 *swp
 docker-compose.yaml
+docker-compose.yml
 Dockerfile
 example/
 extra/

From 8a1d1a798eaf24857afdbf7eeb544601d44b9629 Mon Sep 17 00:00:00 2001
From: timo
Date: Tue, 1 Apr 2025 20:22:01 +0200
Subject: [PATCH 3/4] update docker image to node 22

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index c9d88b0..a457cee 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:20-alpine
+FROM node:22-alpine
 
 WORKDIR /app
 

From 3c8fbfde4a7036eb4967dc2d1127430879b7decc Mon Sep 17 00:00:00 2001
From: timo
Date: Wed, 2 Apr 2025 14:18:31 +0200
Subject: [PATCH 4/4] correct pr image tags

---
 .github/workflows/docker-image.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index 874f2d8..0b827cf 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -59,7 +59,7 @@ jobs:
 type=semver,pattern=latest
 
 - name: Build and push image
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@v6
 with:
 push: true
 tags: ${{ steps.meta.outputs.tags }}
@@ -78,13 +78,13 @@ jobs:
 issue_number: context.issue.number,
 owner: context.repo.owner,
 repo: context.repo.repo,
- body: "Updated Docker image pushed to `${{ steps.tag.outputs.IMAGE }}`"
+ body: "Updated Docker image pushed to `${{ vars.REGISTRY_URI }}/${{ vars.REGISTRY_ORGANIZATION }}/bbb-webhooks/pr-${{ github.event.number }}`"
 })
 
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@master
 with:
- image-ref: ${{ steps.tag.outputs.IMAGE }}
+ image-ref: ${{ vars.REGISTRY_URI }}/${{ vars.REGISTRY_ORGANIZATION }}/bbb-webhooks/pr-${{ github.event.number }}
 format: 'sarif'
 output: 'trivy-results.sarif'
 severity: 'CRITICAL,HIGH'
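Review bot: Both replaced lines build the reference as `…/bbb-webhooks/pr-N`, with a slash where an image tag needs a colon, so the Trivy step scans a repository path `bbb-webhooks/pr-N` that the build step never pushed and the PR comment reports the same nonexistent reference; the image actually pushed by `type=ref,event=pr` is `…/bbb-webhooks:pr-N`. Because the scan runs after the `push: true` build step, a failing or empty scan leaves the already-published PR image unreviewed, so this line decides whether CRITICAL/HIGH findings are surfaced at all. `github.event.number` is also empty on push and tag events, so unless this step is gated to pull requests (any `if:` would be outside the hunk) non-PR builds produce `bbb-webhooks/pr-` and are no longer scanned, a case the removed `steps.tag.outputs.IMAGE` handled. Using the first tag the meta step emitted, `image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}` (and the same expression in the comment body), is correct on every event and avoids rebuilding the registry path by hand. The github-script call that the comment body belongs to starts outside the hunk.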