dangeroustech/zerotierbridge
1
0
Fork 0
mirror of https://github.com/dangeroustech/ZeroTierBridge.git synced 2025-12-06 00:56:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6c40c0134f328ca36d86049bd20c460b23e7436b
zerotierbridge/.github/workflows/docker-build.yml
dependabot[bot] 6c40c0134f chore(deps): bump actions/checkout from 5 to 6 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-24 11:43:35 +00:00

138 lines
3.8 KiB
YAML
Raw Blame History

name: Publish Docker Image
permissions:
actions: read
checks: read
contents: write
deployments: read
issues: read
discussions: read
packages: read
pages: read
pull-requests: read
repository-projects: read
security-events: write
statuses: read
concurrency:
group: docker-release-${{ github.ref }}
cancel-in-progress: true
on:
pull_request:
branches:
- main
push:
branches:
- main
env:
REGISTRY_IMAGE: registry.dangerous.tech/dangeroustech/zerotierbridge
jobs:
Docker_Build:
name: Docker Build And Release
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v6
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Registry
if: github.event_name != 'pull_request'
id: login
uses: docker/login-action@v3
with:
registry: registry.dangerous.tech
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Build
id: docker_build
uses: docker/build-push-action@v6
with:
context: .
build-args: |
VERSION=1.16.0-2
push: ${{ github.event_name != 'pull_request' }}
platforms: linux/amd64,linux/arm64
tags: ${{ env.REGISTRY_IMAGE }}:latest
provenance: false
sbom: false
outputs: type=registry,compression=zstd,compression-level=6,oci-mediatypes=true,force-compression=true
cache-from: type=gha
cache-to: type=gha,mode=max
MergeRefs:
name: Publish Multi-Arch Image And Release
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
needs:
- Docker_Build
steps:
- name: Login to Registry
id: login
uses: docker/login-action@v3
with:
registry: registry.dangerous.tech
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Generate SBOM
uses: anchore/sbom-action@v0
id: sbom
with:
image: registry.dangerous.tech/dangeroustech/zerotierbridge:latest
registry-username: ${{ secrets.REGISTRY_USERNAME }}
registry-password: ${{ secrets.REGISTRY_PASSWORD }}
format: spdx-json
output-file: ./sbom.spdx.json
- name: Scan SBOM
uses: anchore/scan-action@v7
id: scan
with:
sbom: sbom.spdx.json
severity-cutoff: medium
fail-build: false
only-fixed: true
- name: upload Anchore scan SARIF report
uses: github/codeql-action/upload-sarif@v4
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
- name: Checkout Repository
uses: actions/checkout@v6
- name: Changelog
uses: TriPSs/conventional-changelog-action@v6
id: changelog
if: ${{ github.event_name != 'pull_request' }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
git-message: "chore 🤖: Release {version}"
output-file: CHANGELOG.md
tag-prefix: v
fallback-version: 1.0.0
release-count: 0 # preserve all versions in changelog
skip-on-empty: false # otherwise we don't publish fixes
- name: Create Release
uses: softprops/action-gh-release@v2
id: release
if: ${{ steps.changelog.outputs.skipped == 'false' }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.changelog.outputs.tag }}
name: ${{ steps.changelog.outputs.tag }}
body: ${{ steps.changelog.outputs.clean_changelog }}
files: |
sbom.spdx.json
Reference in New Issue View Git Blame Copy Permalink