Securing image - delete apk #71
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker hub auto publish image | |
| on: | |
| # Test and publish on push | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| # Run when file is edited | |
| - Dockerfile | |
| - start.sh | |
| - release-versions/* | |
| - .github/workflows/docker-publish-image.yml | |
| # Run tests for any PRs. | |
| pull_request: | |
| # Test and publish on workflow dispatch | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: 'Version of pigpio to get' | |
| required: true | |
| default: 'v79' | |
| env: | |
| # Image name at Docker Hub | |
| IMAGE_NAME: zinen2/alpine-pigpiod | |
| jobs: | |
| # Run tests. | |
| # See also https://docs.docker.com/docker-hub/builds/automated-testing/ | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Get variable from workflow dispatch | |
| if: github.event_name == 'workflow_dispatch' | |
| run: | | |
| # Write content of input form workflow_dispatch to file | |
| echo ${{ github.event.inputs.version }} > release-versions/pigpio-latest.txt | |
| - name: Modify Dockerfile pigpio version | |
| run: | | |
| # Change download link inside Dockerfile to match pigpio version stated here | |
| # this is only relevant if two releases are made in a short time | |
| PIGPIO_VERSION=$(cat release-versions/pigpio-latest.txt) | |
| if [ -z "$PIGPIO_VERSION" ] || [ "$PIGPIO_VERSION" = "null" ]; then | |
| echo "Content of PIGPIO_VERSION is null. Cant continue." | |
| exit 1 | |
| fi | |
| sed -i "s/master/$PIGPIO_VERSION/" Dockerfile | |
| # Show new Dockerfile content | |
| cat Dockerfile | |
| - name: Run tests | |
| run: | | |
| if [ -f docker-compose.test.yml ]; then | |
| docker-compose --file docker-compose.test.yml build | |
| docker-compose --file docker-compose.test.yml run sut | |
| else | |
| docker build . --file Dockerfile | |
| fi | |
| push: | |
| # Ensure test job passes before pushing image. | |
| needs: test | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
| - name: Get variable from workflow dispatch | |
| if: github.event_name == 'workflow_dispatch' | |
| run: | | |
| # Write content of input form workflow_dispatch to file | |
| echo ${{ github.event.inputs.version }} > release-versions/pigpio-latest.txt | |
| - name: Modify Dockerfile pigpio version | |
| run: | | |
| # Add label of pigpio version to Dockerfile eg. 'v78' | |
| PIGPIO_VERSION=$(cat release-versions/pigpio-latest.txt) | |
| echo "LABEL pigpio_version=$PIGPIO_VERSION" >> Dockerfile | |
| # Add variable as a global environment variable | |
| echo "PIGPIO_VERSION=$PIGPIO_VERSION" >> $GITHUB_ENV | |
| # Change download link inside Dockerfile to match pigpio version stated here | |
| # this is to make sure that the release that triggered this build is the one being downloaded source code from | |
| # it will only be relevant if two releases are made in a short time | |
| sed -i "s/master/$PIGPIO_VERSION/" Dockerfile | |
| # Show edited Dockerfile content | |
| cat Dockerfile | |
| - name: Add Label Schema to Dockerfile | |
| run: | | |
| # Label Schema based on http://label-schema.org/rc1/ | |
| TIME_ISO=$(date -u +"%Y-%m-%dT%H:%M:%SZ") | |
| echo "LABEL org.label-schema.build-date=$TIME_ISO" >> Dockerfile | |
| echo "LABEL org.label-schema.name=pigpiod" >> Dockerfile | |
| echo "LABEL org.label-schema.url=http://abyz.me.uk/rpi/pigpio/pigpiod.html" >> Dockerfile | |
| echo "LABEL org.label-schema.vcs-url=https://github.com/zinen/docker-alpine-pigpiod" >> Dockerfile | |
| GIT_HASH=$(git rev-parse --short "$GITHUB_SHA") | |
| echo "LABEL org.label-schema.vcs-ref=$GIT_HASH" >> Dockerfile | |
| echo "LABEL org.label-schema.version=$PIGPIO_VERSION" >> Dockerfile | |
| echo "LABEL org.label-schema.schema-version=1.0.0-rc.1" >> Dockerfile | |
| echo "LABEL org.label-schema.docker.cmd=\"docker run -it -p 8888:8888 --device /dev/gpiochip0 zinen2/alpine-pigpiod\"" >> Dockerfile | |
| # Show edited Dockerfile content | |
| cat Dockerfile | |
| - name: Build and push arm32v6 | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| platforms: linux/arm/v6 | |
| push: true | |
| tags: | | |
| ${{ env.IMAGE_NAME }}:arm32v6-pigpio-${{ env.PIGPIO_VERSION }} | |
| ${{ env.IMAGE_NAME }}:arm32v6 | |
| # - name: Build and push arm32v7 | |
| # uses: docker/build-push-action@v3 | |
| # with: | |
| # context: . | |
| # file: ./Dockerfile | |
| # platforms: linux/arm/v7 | |
| # push: true | |
| # tags: | | |
| # ${{ env.IMAGE_NAME }}:arm32v7 | |
| # - name: Build and push arm64v8 | |
| # uses: docker/build-push-action@v3 | |
| # with: | |
| # context: . | |
| # file: ./Dockerfile | |
| # platforms: linux/arm64 | |
| # push: true | |
| # tags: | | |
| # ${{ env.IMAGE_NAME }}:arm64v8 | |
| - name: Build and push latest | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| platforms: linux/arm/v6,linux/arm/v7,linux/arm64 | |
| push: true | |
| tags: | | |
| ${{ env.IMAGE_NAME }}:pigpio-${{ env.PIGPIO_VERSION }} | |
| ${{ env.IMAGE_NAME }}:latest |