DECNET/.gitea/workflows/release.yml
anti fe7354554f
Add bandit, pip-audit and trivy to CI/CD security pipeline
2026-04-04 17:24:43 -03:00


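---
# Release workflow: on every push to main, read the project version from
# pyproject.toml, create the matching git tag if it does not exist yet, and
# hand the version to the image build/scan/push job that follows.
#
# NOTE(review): every action in this file is referenced by a mutable ref
# (`actions/checkout@v4` here, `aquasecurity/trivy-action@master` further
# down). Pinning each `uses:` to a full commit SHA keeps a moved or
# compromised tag from changing the code that runs with the registry
# credentials and the repository write token.
name: Release

on:
  push:
    branches: [main]

env:
  REGISTRY: git.resacachile.cl
  OWNER: anti

jobs:
  tag:
    name: Auto-tag release
    runs-on: ubuntu-latest
    outputs:
      # Version string as written in pyproject.toml (no leading "v").
      version: ${{ steps.version.outputs.version }}
      # "true" when this run created the tag, "false" when it already existed.
      tag_created: ${{ steps.tag.outputs.created }}
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history so existing tags are present for the lookup below
          # (presumably also fetches tags at depth 0 — confirm for this runner).
          fetch-depth: 0

      - name: Extract version from pyproject.toml
        id: version
        run: |
          set -euo pipefail
          VERSION=$(python3 -c "import tomllib; f=open('pyproject.toml','rb'); d=tomllib.load(f); print(d['project']['version'])")
          # An empty version would produce a bare "v" tag; fail early instead.
          if [ -z "$VERSION" ]; then
            echo "pyproject.toml has no project.version" >&2
            exit 1
          fi
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"

      - name: Create tag if not exists
        id: tag
        # The expression is passed through the environment rather than
        # interpolated into the script body, so its value is never re-parsed
        # by the shell as code.
        env:
          VERSION: ${{ steps.version.outputs.version }}
        run: |
          set -euo pipefail
          # Check the tag namespace explicitly; a bare rev-parse would also
          # match a branch or other ref that happens to be named v<version>.
          if git rev-parse -q --verify "refs/tags/v$VERSION" >/dev/null 2>&1; then
            echo "Tag v$VERSION already exists, skipping."
            echo "created=false" >> "$GITHUB_OUTPUT"
          else
            git config user.name "gitea-actions"
            git config user.email "actions@git.resacachile.cl"
            git tag -a "v$VERSION" -m "Release v$VERSION"
            # Requires the job token to have write access to the repository.
            git push origin "v$VERSION"
            echo "created=true" >> "$GITHUB_OUTPUT"
          fi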
docker:
name: Build, scan & push ${{ matrix.service }}
runs-on: ubuntu-latest
needs: tag
strategy:
fail-fast: false
matrix:
service:
- cowrie
- docker_api
- elasticsearch
- ftp
- http
- imap
- k8s
- ldap
- llmnr
- mongodb
- mqtt
- mssql
- mysql
- pop3
- postgres
- rdp
- redis
- real_ssh
- sip
- smb
- smtp
- snmp
- tftp
- vnc
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Gitea container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Build image locally
uses: docker/build-push-action@v5
with:
context: templates/${{ matrix.service }}
load: true
push: false
tags: decnet-${{ matrix.service }}:scan
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Scan with Trivy
uses: aquasecurity/trivy-action@master
with:
image-ref: decnet-${{ matrix.service }}:scan
exit-code: "1"
severity: CRITICAL
ignore-unfixed: true
- name: Push image
if: success()
uses: docker/build-push-action@v5
with:
context: templates/${{ matrix.service }}
push: true
tags: |
${{ env.REGISTRY }}/${{ env.OWNER }}/decnet-${{ matrix.service }}:latest
${{ env.REGISTRY }}/${{ env.OWNER }}/decnet-${{ matrix.service }}:v${{ needs.tag.outputs.version }}
cache-from: type=gha