[Snyk] Fix for 3 vulnerabilities #37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: docker | |
| on: | |
| push: | |
| branches: | |
| - 'master' | |
| tags: | |
| - '*.*.*' | |
| pull_request: | |
| env: | |
| # We can't run a step 'if secrets.GHCR_USERNAME != ""' but we can run a step | |
| # 'if env.GHCR_USERNAME' != ""', so we copy these to test whether credentials | |
| # are available before trying to run steps that need them. Like PRs from forks! | |
| GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Image name | |
| id: image_name | |
| uses: actions/[email protected] | |
| with: | |
| github-token: ${{secrets.GITHUB_TOKEN}} | |
| script: | | |
| const res = await github.repos.get(context.repo); | |
| let imageName = 'kes-dev'; | |
| if (res.data.default_branch === context.ref.replace('refs/heads/', '') || context.ref.startsWith('refs/tags/')) { | |
| imageName = 'kubernetes-external-secrets'; | |
| } | |
| core.setOutput('image', `ghcr.io/external-secrets/${imageName}`); | |
| - name: Docker meta | |
| id: docker_meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ${{ steps.image_name.outputs.image }} | |
| tags: | | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=edge,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }},latest=false | |
| - name: Login to Docker | |
| uses: docker/login-action@v2 | |
| if: env.GHCR_USERNAME != '' && steps.docker_meta.outputs.version != '' | |
| with: | |
| registry: ghcr.io | |
| username: ${{ secrets.GHCR_USERNAME }} | |
| password: ${{ secrets.GHCR_TOKEN }} | |
| - name: Build and push | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: . | |
| platforms: linux/amd64,linux/arm64,linux/arm/v7 | |
| push: ${{ env.GHCR_USERNAME != '' && steps.docker_meta.outputs.version != ''}} | |
| tags: ${{ steps.docker_meta.outputs.tags }} | |
| labels: ${{ steps.docker_meta.outputs.labels }} |