OCram85/code-server
Archived
1
0
Fork 0
Code Pull Requests 2 Activity

fix(ci): build+push image in release flow (#3838)

Browse Source
This commit is contained in:
Akash Satheesan
2021-07-29 23:31:46 +05:30
committed by GitHub
parent 0283c35225
commit 93c89ba0e8
8 changed files with 74 additions and 166 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
.github/workflows/ci.yaml vendored
View File

@ -402,73 +402,6 @@ jobs:
- name: Remove release packages and test artifacts
run: rm -rf ./release-packages ./test/test-results
# Builds both amd64 and arm64 images
docker-images:
runs-on: ubuntu-latest
needs: [package-linux-amd64, package-linux-arm64]
steps:
- uses: actions/checkout@v2
- name: Download release package
uses: actions/download-artifact@v2
with:
name: release-packages
path: ./release-packages
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Run ./ci/steps/build-docker-image.sh
run: ./ci/steps/build-docker-image.sh
- name: Upload release images
uses: actions/upload-artifact@v2
with:
name: release-images
path: ./release-images
trivy-scan-image:
runs-on: ubuntu-20.04
needs: docker-images
# NOTE@jsjoeio: disabling due to a memory issue upstream
# See: https://github.com/github/codeql-action/issues/528
if: 1 == 2
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Download release images
uses: actions/download-artifact@v2
with:
name: release-images
path: ./release-images
- name: Run Trivy vulnerability scanner in image mode
# Commit SHA for v0.0.17
uses: aquasecurity/trivy-action@9438b49cc3156b2e8c77c1ba8ffbaa3bae24e3c2
with:
input: "./release-images/code-server-amd64-*.tar"
scan-type: "image"
ignore-unfixed: true
format: "template"
template: "@/contrib/sarif.tpl"
output: "trivy-image-results.sarif"
severity: "HIGH,CRITICAL"
- name: Debug Trivy SARIF file
run: cat trivy-image-results.sarif && ls -l trivy-image-results.sarif
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: "trivy-image-results.sarif"
# We have to use two trivy jobs
# because GitHub only allows
# codeql/upload-sarif action per job
trivy-scan-repo:
runs-on: ubuntu-20.04
steps:

28
.github/workflows/docker.yaml vendored Normal file
View File

@ -0,0 +1,28 @@
name: Publish on Docker
on:
# Shows the manual trigger in GitHub UI
# helpful as a back-up in case the GitHub Actions Workflow fails
workflow_dispatch:
release:
types: [published]
jobs:
docker-images:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Run ./ci/steps/docker-buildx-push.sh
run: ./ci/steps/docker-buildx-push.sh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}

16
.github/workflows/publish.yaml → .github/workflows/npm-brew.yaml vendored
View File

@ -1,4 +1,4 @@
name: publish
name: Publish on npm and brew
on:
# Shows the manual trigger in GitHub UI
@ -22,20 +22,6 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
# NOTE: this job requires curl, jq and docker
# All of them are included in ubuntu-latest.
docker:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Run ./ci/steps/push-docker-manifest.sh
run: ./ci/steps/push-docker-manifest.sh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
homebrew:
# The newest version of code-server needs to be available on npm when this runs
# otherwise, it will 404 and won't open a PR to bump version on homebrew/homebrew-core