mirror of
https://github.com/seaweedfs/seaweedfs.git
synced 2024-12-15 11:09:06 +08:00
dd737bd755
- Pinned actions by SHA https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions >Pin actions to a full length commit SHA >Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions
68 lines
2.2 KiB
YAML
68 lines
2.2 KiB
YAML
name: "docker: build latest container"
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- '*'
|
|
workflow_dispatch: []
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
|
|
build-latest-container:
|
|
runs-on: [ubuntu-latest]
|
|
|
|
steps:
|
|
-
|
|
name: Checkout
|
|
uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
|
|
-
|
|
name: Docker meta
|
|
id: docker_meta
|
|
uses: docker/metadata-action@e5622373a38e60fb6d795a4421e56882f2d7a681 # v3
|
|
with:
|
|
images: |
|
|
chrislusf/seaweedfs
|
|
ghcr.io/chrislusf/seaweedfs
|
|
tags: |
|
|
type=raw,value=latest
|
|
labels: |
|
|
org.opencontainers.image.title=seaweedfs
|
|
org.opencontainers.image.description=SeaweedFS is a distributed storage system for blobs, objects, files, and data lake, to store and serve billions of files fast!
|
|
org.opencontainers.image.vendor=Chris Lu
|
|
-
|
|
name: Set up QEMU
|
|
uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 # v1
|
|
-
|
|
name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # v1
|
|
with:
|
|
buildkitd-flags: "--debug"
|
|
-
|
|
name: Login to Docker Hub
|
|
if: github.event_name != 'pull_request'
|
|
uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 # v1
|
|
with:
|
|
username: ${{ secrets.DOCKER_USERNAME }}
|
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
|
-
|
|
name: Login to GHCR
|
|
if: github.event_name != 'pull_request'
|
|
uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 # v1
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ secrets.GHCR_USERNAME }}
|
|
password: ${{ secrets.GHCR_TOKEN }}
|
|
-
|
|
name: Build
|
|
uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a # v2
|
|
with:
|
|
context: ./docker
|
|
push: ${{ github.event_name != 'pull_request' }}
|
|
file: ./docker/Dockerfile.go_build
|
|
platforms: linux/amd64, linux/arm, linux/arm64, linux/386
|
|
tags: ${{ steps.docker_meta.outputs.tags }}
|
|
labels: ${{ steps.docker_meta.outputs.labels }}
|