Commit 9f29e1d4 authored by Julien Bouquillon 🐫

chore: remove legacy images

parent 2ce24389
concurrency:
cancel-in-progress: true
group: "ci-deploy-${{ github.ref }}"
jobs:
build:
name: Build
needs:
- Lint
outputs:
digest: "${{ steps.docker_push.outputs.digest }}"
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- id: docker_meta
uses: "crazy-max/ghaction-docker-meta@f6efe56d565add159ad605568120f5b22712a870"
with:
images: ghcr.io/socialgouv/docker/ci-deploy
labels: |
org.opencontainers.image.title=ci-deploy
org.opencontainers.image.documentation=https://github.com/SocialGouv/docker/tree/${{ github.sha }}/ci-deploy
tags: |
type=sha
type=raw,value=sha-${{ github.sha }}
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- id: docker_buildx
name: Set up Docker Buildx
uses: "docker/setup-buildx-action@abe5d8f79a1606a2d3e218847032f3f2b1726ab0"
with: {}
- if: "${{ github.event_name != 'pull_request' }}"
name: Login to ghcr.io/socialgouv Registry
uses: "docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9"
with:
password: "${{ secrets.GHCR_REGISTRY_TOKEN }}"
registry: ghcr.io
username: "${{ secrets.SOCIALGROOVYBOT_NAME }}"
- id: docker_push
name: Push
uses: "docker/build-push-action@1bc1040caef9e604eb543693ba89b5bf4fc80935"
with:
builder: "${{ steps.docker_buildx.outputs.name }}"
cache-from: type=gha
cache-to: "type=gha,mode=max"
context: "./ci-deploy"
labels: "${{ steps.docker_meta.outputs.labels }}"
push: 'true'
tags: "${{ steps.docker_meta.outputs.tags }}"
- name: Image digest
run: |
echo "${{ steps.docker_push.outputs.digest }}"
container_test:
name: Container Test
needs:
- Build
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- name: Container structure test
uses: "docker://gcr.io/gcp-runtimes/container-structure-test:v1.10.0@sha256:78c0abfdc3696ec9fb35840d62342cf28f65d890d56beceb2113638d59f2cce8"
with:
args: "test --config ci-deploy/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/ci-deploy@${{ needs.Build.outputs.digest }} --pull"
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./ci-deploy/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
- Build
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: "docker pull ghcr.io/socialgouv/docker/ci-deploy:sha-${{ github.sha }}"
- name: Run Trivy vulnerability scanner
uses: "aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b"
with:
image-ref: "ghcr.io/socialgouv/docker/ci-deploy:sha-${{ github.sha }}"
- name: Export Trivy Results as sarif
uses: "aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b"
with:
format: template
image-ref: "ghcr.io/socialgouv/docker/ci-deploy:sha-${{ github.sha }}"
output: trivy-results.sarif
template: "@/contrib/sarif.tpl"
- name: Change hardcoded Dockerfile path
run: "sed -i 's/\"uri\": \"Dockerfile\"/\"uri\": \"ci-deploy\\/Dockerfile\"/' trivy-results.sarif"
- uses: "github/codeql-action/upload-sarif@a3a8231e64d3db0e7da0f3b56b9521dcccdfe412"
with:
sarif_file: trivy-results.sarif
version_test:
container: "docker://ghcr.io/socialgouv/docker/ci-deploy:sha-${{ github.sha }}"
name: Test Version
needs:
- Build
runs-on: ubuntu-latest
steps:
- run: kubectl version --client=true
name: "ci-deploy (branch)"
on:
push:
branches-ignore:
- master
- next
- next-major
- beta
- alpha
- "+([0-9])?(.{+([0-9]),x}).x"
paths:
- "ci-deploy/**"
- ".github/workflows/ci-deploy.branches.workflow.yaml"
concurrency:
cancel-in-progress: true
group: "ci-deploy-${{ github.ref }}"
jobs:
build:
name: Build
needs:
- Lint
outputs:
digest: "${{ steps.docker_push.outputs.digest }}"
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- id: docker_meta
uses: "crazy-max/ghaction-docker-meta@f6efe56d565add159ad605568120f5b22712a870"
with:
images: ghcr.io/socialgouv/docker/ci-deploy
labels: |
org.opencontainers.image.title=ci-deploy
org.opencontainers.image.documentation=https://github.com/SocialGouv/docker/tree/${{ github.sha }}/ci-deploy
tags: |
type=sha
type=raw,value=sha-${{ github.sha }}
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- id: docker_buildx
name: Set up Docker Buildx
uses: "docker/setup-buildx-action@abe5d8f79a1606a2d3e218847032f3f2b1726ab0"
with: {}
- if: "${{ github.event_name != 'pull_request' }}"
name: Login to ghcr.io/socialgouv Registry
uses: "docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9"
with:
password: "${{ secrets.GHCR_REGISTRY_TOKEN }}"
registry: ghcr.io
username: "${{ secrets.SOCIALGROOVYBOT_NAME }}"
- id: docker_push
name: Push
uses: "docker/build-push-action@1bc1040caef9e604eb543693ba89b5bf4fc80935"
with:
builder: "${{ steps.docker_buildx.outputs.name }}"
cache-from: type=gha
cache-to: "type=gha,mode=max"
context: "./ci-deploy"
labels: "${{ steps.docker_meta.outputs.labels }}"
push: 'true'
tags: "${{ steps.docker_meta.outputs.tags }}"
- name: Image digest
run: |
echo "${{ steps.docker_push.outputs.digest }}"
container_test:
name: Container Test
needs:
- Build
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- name: Container structure test
uses: "docker://gcr.io/gcp-runtimes/container-structure-test:v1.10.0@sha256:78c0abfdc3696ec9fb35840d62342cf28f65d890d56beceb2113638d59f2cce8"
with:
args: "test --config ci-deploy/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/ci-deploy@${{ needs.Build.outputs.digest }} --pull"
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./ci-deploy/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
- Build
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: "docker pull ghcr.io/socialgouv/docker/ci-deploy:sha-${{ github.sha }}"
- name: Run Trivy vulnerability scanner
uses: "aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b"
with:
image-ref: "ghcr.io/socialgouv/docker/ci-deploy:sha-${{ github.sha }}"
- name: Export Trivy Results as sarif
uses: "aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b"
with:
format: template
image-ref: "ghcr.io/socialgouv/docker/ci-deploy:sha-${{ github.sha }}"
output: trivy-results.sarif
template: "@/contrib/sarif.tpl"
- name: Change hardcoded Dockerfile path
run: "sed -i 's/\"uri\": \"Dockerfile\"/\"uri\": \"ci-deploy\\/Dockerfile\"/' trivy-results.sarif"
- uses: "github/codeql-action/upload-sarif@a3a8231e64d3db0e7da0f3b56b9521dcccdfe412"
with:
sarif_file: trivy-results.sarif
version_test:
container: "docker://ghcr.io/socialgouv/docker/ci-deploy:sha-${{ github.sha }}"
name: Test Version
needs:
- Build
runs-on: ubuntu-latest
steps:
- run: kubectl version --client=true
name: "ci-deploy (main)"
on:
push:
branches:
- master
- next
- next-major
- beta
- alpha
- "+([0-9])?(.{+([0-9]),x}).x"
tags:
- "v*"
concurrency:
cancel-in-progress: true
group: "curl-${{ github.ref }}"
jobs:
build:
name: Build
needs:
- Lint
outputs:
digest: "${{ steps.docker_push.outputs.digest }}"
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- id: docker_meta
uses: "crazy-max/ghaction-docker-meta@f6efe56d565add159ad605568120f5b22712a870"
with:
images: ghcr.io/socialgouv/docker/curl
labels: |
org.opencontainers.image.title=curl
org.opencontainers.image.documentation=https://github.com/SocialGouv/docker/tree/${{ github.sha }}/curl
tags: |
type=sha
type=raw,value=sha-${{ github.sha }}
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- id: docker_buildx
name: Set up Docker Buildx
uses: "docker/setup-buildx-action@abe5d8f79a1606a2d3e218847032f3f2b1726ab0"
with: {}
- if: "${{ github.event_name != 'pull_request' }}"
name: Login to ghcr.io/socialgouv Registry
uses: "docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9"
with:
password: "${{ secrets.GHCR_REGISTRY_TOKEN }}"
registry: ghcr.io
username: "${{ secrets.SOCIALGROOVYBOT_NAME }}"
- id: docker_push
name: Push
uses: "docker/build-push-action@1bc1040caef9e604eb543693ba89b5bf4fc80935"
with:
builder: "${{ steps.docker_buildx.outputs.name }}"
cache-from: type=gha
cache-to: "type=gha,mode=max"
context: "./curl"
labels: "${{ steps.docker_meta.outputs.labels }}"
push: 'true'
tags: "${{ steps.docker_meta.outputs.tags }}"
- name: Image digest
run: |
echo "${{ steps.docker_push.outputs.digest }}"
container_test:
name: Container Test
needs:
- Build
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- name: Container structure test
uses: "docker://gcr.io/gcp-runtimes/container-structure-test:v1.10.0@sha256:78c0abfdc3696ec9fb35840d62342cf28f65d890d56beceb2113638d59f2cce8"
with:
args: "test --config curl/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/curl@${{ needs.Build.outputs.digest }} --pull"
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./curl/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
- Build
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: "docker pull ghcr.io/socialgouv/docker/curl:sha-${{ github.sha }}"
- name: Run Trivy vulnerability scanner
uses: "aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b"
with:
image-ref: "ghcr.io/socialgouv/docker/curl:sha-${{ github.sha }}"
- name: Export Trivy Results as sarif
uses: "aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b"
with:
format: template
image-ref: "ghcr.io/socialgouv/docker/curl:sha-${{ github.sha }}"
output: trivy-results.sarif
template: "@/contrib/sarif.tpl"
- name: Change hardcoded Dockerfile path
run: "sed -i 's/\"uri\": \"Dockerfile\"/\"uri\": \"curl\\/Dockerfile\"/' trivy-results.sarif"
- uses: "github/codeql-action/upload-sarif@a3a8231e64d3db0e7da0f3b56b9521dcccdfe412"
with:
sarif_file: trivy-results.sarif
version_test:
container: "docker://ghcr.io/socialgouv/docker/curl:sha-${{ github.sha }}"
name: Test Version
needs:
- Build
runs-on: ubuntu-latest
steps:
- run: curl --version
name: "curl (branch)"
on:
push:
branches-ignore:
- master
- next
- next-major
- beta
- alpha
- "+([0-9])?(.{+([0-9]),x}).x"
paths:
- "curl/**"
- ".github/workflows/curl.branches.workflow.yaml"
concurrency:
cancel-in-progress: true
group: "curl-${{ github.ref }}"
jobs:
build:
name: Build
needs:
- Lint
outputs:
digest: "${{ steps.docker_push.outputs.digest }}"
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- id: docker_meta
uses: "crazy-max/ghaction-docker-meta@f6efe56d565add159ad605568120f5b22712a870"
with:
images: ghcr.io/socialgouv/docker/curl
labels: |
org.opencontainers.image.title=curl
org.opencontainers.image.documentation=https://github.com/SocialGouv/docker/tree/${{ github.sha }}/curl
tags: |
type=sha
type=raw,value=sha-${{ github.sha }}
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- id: docker_buildx
name: Set up Docker Buildx
uses: "docker/setup-buildx-action@abe5d8f79a1606a2d3e218847032f3f2b1726ab0"
with: {}
- if: "${{ github.event_name != 'pull_request' }}"
name: Login to ghcr.io/socialgouv Registry
uses: "docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9"
with:
password: "${{ secrets.GHCR_REGISTRY_TOKEN }}"
registry: ghcr.io
username: "${{ secrets.SOCIALGROOVYBOT_NAME }}"
- id: docker_push
name: Push
uses: "docker/build-push-action@1bc1040caef9e604eb543693ba89b5bf4fc80935"
with:
builder: "${{ steps.docker_buildx.outputs.name }}"
cache-from: type=gha
cache-to: "type=gha,mode=max"
context: "./curl"
labels: "${{ steps.docker_meta.outputs.labels }}"
push: 'true'
tags: "${{ steps.docker_meta.outputs.tags }}"
- name: Image digest
run: |
echo "${{ steps.docker_push.outputs.digest }}"
container_test:
name: Container Test
needs:
- Build
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- name: Container structure test
uses: "docker://gcr.io/gcp-runtimes/container-structure-test:v1.10.0@sha256:78c0abfdc3696ec9fb35840d62342cf28f65d890d56beceb2113638d59f2cce8"
with:
args: "test --config curl/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/curl@${{ needs.Build.outputs.digest }} --pull"
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./curl/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
- Build
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: "docker pull ghcr.io/socialgouv/docker/curl:sha-${{ github.sha }}"
- name: Run Trivy vulnerability scanner
uses: "aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b"
with:
image-ref: "ghcr.io/socialgouv/docker/curl:sha-${{ github.sha }}"
- name: Export Trivy Results as sarif
uses: "aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b"
with:
format: template
image-ref: "ghcr.io/socialgouv/docker/curl:sha-${{ github.sha }}"
output: trivy-results.sarif
template: "@/contrib/sarif.tpl"
- name: Change hardcoded Dockerfile path
run: "sed -i 's/\"uri\": \"Dockerfile\"/\"uri\": \"curl\\/Dockerfile\"/' trivy-results.sarif"
- uses: "github/codeql-action/upload-sarif@a3a8231e64d3db0e7da0f3b56b9521dcccdfe412"
with:
sarif_file: trivy-results.sarif
version_test:
container: "docker://ghcr.io/socialgouv/docker/curl:sha-${{ github.sha }}"
name: Test Version
needs:
- Build
runs-on: ubuntu-latest
steps:
- run: curl --version
name: "curl (main)"
on:
push:
branches:
- master
- next
- next-major
- beta
- alpha
- "+([0-9])?(.{+([0-9]),x}).x"
tags:
- "v*"
concurrency:
cancel-in-progress: true
group: "git-deploy-${{ github.ref }}"
jobs:
build:
name: Build
needs:
- Lint
outputs:
digest: "${{ steps.docker_push.outputs.digest }}"
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- id: docker_meta
uses: "crazy-max/ghaction-docker-meta@f6efe56d565add159ad605568120f5b22712a870"
with:
images: ghcr.io/socialgouv/docker/git-deploy
labels: |
org.opencontainers.image.title=git-deploy
org.opencontainers.image.documentation=https://github.com/SocialGouv/docker/tree/${{ github.sha }}/git-deploy
tags: |
type=sha
type=raw,value=sha-${{ github.sha }}
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- id: docker_buildx
name: Set up Docker Buildx
uses: "docker/setup-buildx-action@abe5d8f79a1606a2d3e218847032f3f2b1726ab0"
with: {}
- if: "${{ github.event_name != 'pull_request' }}"
name: Login to ghcr.io/socialgouv Registry
uses: "docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9"
with:
password: "${{ secrets.GHCR_REGISTRY_TOKEN }}"
registry: ghcr.io
username: "${{ secrets.SOCIALGROOVYBOT_NAME }}"
- id: docker_push
name: Push
uses: "docker/build-push-action@1bc1040caef9e604eb543693ba89b5bf4fc80935"
with:
builder: "${{ steps.docker_buildx.outputs.name }}"
cache-from: type=gha
cache-to: "type=gha,mode=max"
context: "./git-deploy"
labels: "${{ steps.docker_meta.outputs.labels }}"
push: 'true'
tags: "${{ steps.docker_meta.outputs.tags }}"
- name: Image digest
run: |
echo "${{ steps.docker_push.outputs.digest }}"
container_test:
name: Container Test
needs:
- Build
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- name: Container structure test
uses: "docker://gcr.io/gcp-runtimes/container-structure-test:v1.10.0@sha256:78c0abfdc3696ec9fb35840d62342cf28f65d890d56beceb2113638d59f2cce8"
with:
args: "test --config git-deploy/tests/container-structure-test.yml -v debug --image ghcr.io/socialgouv/docker/git-deploy@${{ needs.Build.outputs.digest }} --pull"
integration_test:
name: Integration test
needs:
- Build
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: yarn --frozen-lockfile --prefer-offline
- run: make e2e
working-directory: git-deploy
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- uses: "docker://ghcr.io/hadolint/hadolint:2.4.0@sha256:ed22c9de9b884383094edb8930696a256c4450335945c68153d8fc8fbb27bf03"
with:
args: hadolint ./git-deploy/Dockerfile
security_scan:
name: Vulnerability Scanner
needs:
- Build
runs-on: ubuntu-latest
steps:
- uses: "actions/checkout@v2"
- run: "docker pull ghcr.io/socialgouv/docker/git-deploy:sha-${{ github.sha }}"
- name: Run Trivy vulnerability scanner
uses: "aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b"
with:
image-ref: "ghcr.io/socialgouv/docker/git-deploy:sha-${{ github.sha }}"
- name: Export Trivy Results as sarif
uses: "aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b"
with:
format: template
image-ref: "ghcr.io/socialgouv/docker/git-deploy:sha-${{ github.sha }}"
output: trivy-results.sarif
template: "@/contrib/sarif.tpl"
- name: Change hardcoded Dockerfile path
run: "sed -i 's/\"uri\": \"Dockerfile\"/\"uri\": \"git-deploy\\/Dockerfile\"/' trivy-results.sarif"
- uses: "github/codeql-action/upload-sarif@a3a8231e64d3db0e7da0f3b56b9521dcccdfe412"
with:
sarif_file: trivy-results.sarif
version_test:
container: "docker://ghcr.io/socialgouv/docker/git-deploy:sha-${{ github.sha }}"
name: Test Version