Fix security issue in minizip (CSP-2769) #177
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker Image CI | |
on: | |
push: | |
branches: | |
- master | |
tags: | |
- 'v*' | |
schedule: | |
- cron: "05 04 * * 1" | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
env: | |
REPO: jgraph/drawio | |
HTTP_PORT: 32733 | |
HTTPS_PORT: 32734 | |
DOCKER_USER: ${{ secrets.DOCKER_USER }} | |
DOCKER_PASS: ${{ secrets.DOCKER_PASS }} | |
steps: | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- uses: actions/checkout@v3 | |
- name: Build Docker image | |
run: | | |
# Get draw.io current latest version | |
wget https://raw.githubusercontent.com/jgraph/drawio/master/VERSION | |
export VERSION=`cat VERSION` | |
echo "${DOCKER_PASS}" | docker login -u "${DOCKER_USER}" --password-stdin; | |
export GIT_BRANCH=`echo $GITHUB_REF | awk 'BEGIN { FS = "/" } ; { print $3 }'` | |
export TAG=`if [ "$GIT_BRANCH" == "v${VERSION}" ] || [ "$GIT_BRANCH" == "master" ]; then echo "latest"; else echo $GIT_BRANCH ; fi` | |
docker buildx build --platform linux/amd64,linux/arm64 -f main/Dockerfile -t ${REPO}:${VERSION} -t ${REPO}:$TAG --push main/ | |
#With platform build, the images are not stored locally, so we test the image after pushing it | |
docker run --name "drawio" -d -p ${HTTP_PORT}:8080 -p ${HTTPS_PORT}:8443 ${REPO}:${VERSION} | |
sleep 10 | |
docker logs drawio | |
docker exec drawio /bin/bash -c "curl -i http://localhost:8080" |