From 1eef211ea179b2ac27e3a7fabd68f496901201ca Mon Sep 17 00:00:00 2001
From: kjake
Date: Sat, 23 Mar 2024 18:58:53 -0400
Subject: [PATCH] Maintenance -Attempt to re-base on Bullseye via my own image. -Attempt multi-arch build
---
 .github/workflows/anchore.yml | 23 +++++++++++++++--------
 .github/workflows/docker.yml | 30 ++++++++++++++++++------------
 Dockerfile | 2 +-
 3 files changed, 34 insertions(+), 21 deletions(-)
diff --git a/.github/workflows/anchore.yml b/.github/workflows/anchore.yml
index a6222ce..be63f34 100644
--- a/.github/workflows/anchore.yml
+++ b/.github/workflows/anchore.yml
@@ -20,17 +20,24 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout the code
- uses: actions/checkout@v2
- - name: Build the Docker image
- run: docker build . --file Dockerfile --tag localbuild/testimage:latest
- - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
- uses: anchore/scan-action@main
+ uses: actions/checkout@v4
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: build local container
+ uses: docker/build-push-action@v5
+ with:
+ tags: localbuild/testimage:latest
+ push: false
+ load: true
+ - name: Scan image
+ uses: anchore/scan-action@v3
 with:
 image: "localbuild/testimage:latest"
- acs-report-enable: true
+ output-format: sarif
 fail-build: false
- severity-cutoff: high
+ severity-cutoff: critical
+ only-fixed: true
 - name: Upload Anchore Scan Report
- uses: github/codeql-action/upload-sarif@v1
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 4db27cd..b616dbc 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -2,7 +2,7 @@ name: Docker
 on:
 schedule:
- - cron: '0 6 * * 1'
+ - cron: '0 6 * * *'
 push:
 branches:
 - master
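Review bot: In the `Scan image` step of .github/workflows/anchore.yml, the new inputs narrow what the scan can report while the step stays non-blocking: `fail-build: false` is kept, `severity-cutoff` moves from `high` to `critical`, and `only-fixed: true` is added, which as I read the scan-action inputs drops findings that have no upstream fix, so they would no longer reach code scanning through the uploaded SARIF. If that filtering is meant only to cut noise, I would say so in a comment above the step, e.g. `# report-only: unfixed findings are hidden on purpose; review the image separately`, or keep `severity-cutoff: high` and drop `only-fixed`. The upload step still reads the hard-coded `sarif_file: results.sarif`; giving the scan step `id: scan` and using `sarif_file: ${{ steps.scan.outputs.sarif }}` would tie it to the path the action actually wrote. The job header sits above the hunk, so its `permissions:` could not be checked here.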
@@ -16,14 +16,20 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
-
- - name: Build image
- run: docker build . --file Dockerfile --tag $IMAGE_NAME:latest
-
- - name: Log into registry
- run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login --username ${{ secrets.DOCKER_USERNAME }} --password-stdin
-
- - name: Push image
- run: |
- docker image push $IMAGE_NAME:latest
+ - name: Checkout the code
+ uses: actions/checkout@v4
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ platforms: linux/386,linux/amd64,linux/arm64/v8,linux/arm/v5,linux/arm/v7,linux/ppc64le,linux/s390x,linux/mips64le
+ tags: ${{ env.IMAGE_NAME }}:latest
+ push: true
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 5a7ed7a..c9e5dfb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:buster-slim
+FROM kjake/base
 MAINTAINER kjake
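Review bot: Every action in the new publish steps of .github/workflows/docker.yml is referenced by a movable major tag, and this is the job that hands `DOCKER_USERNAME`/`DOCKER_PASSWORD` to `docker/login-action@v3` and pushes `:latest` through `docker/build-push-action@v5`. A retagged release of any of them would run with the registry credentials in scope, so I would pin each `uses:` to a full commit SHA with the tag as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v3`. Nothing in this job gates the push on the image scan (the Anchore workflow is separate and keeps `fail-build: false`), and with the schedule change earlier in this file `latest` is republished daily for eight platforms; a comment stating that this is intended would help. The steps list begins above the hunk, so the job's `permissions:` and the `IMAGE_NAME` definition are not visible here.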