You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by ki...@apache.org on 2022/06/08 06:52:10 UTC
[trafficserver-ingress-controller] branch master updated: Publish package to ghcr (#124)
This is an automated email from the ASF dual-hosted git repository.
kichan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver-ingress-controller.git
The following commit(s) were added to refs/heads/master by this push:
new f77a501 Publish package to ghcr (#124)
f77a501 is described below
commit f77a5015219124939d528a5b0fb9c532c8aed670
Author: Kit Chan <ki...@apache.org>
AuthorDate: Tue Jun 7 23:52:06 2022 -0700
Publish package to ghcr (#124)
---
.github/workflows/build.yml | 48 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5d6c655..768311e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -9,9 +9,17 @@ on:
- 'charts/**'
- 'docs/**'
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: apache/ats-ingress
+
jobs:
build-and-integrate:
runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
steps:
- name: Checkout
@@ -53,3 +61,43 @@ jobs:
run: |
cd tests
pytest -q --minikubeip="$(minikube ip)" suite/test_ingress.py
+
+ - name: Log in to the Container registry
+ if: github.repository == 'apache/trafficserver-ingress-controller'
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ if: github.repository == 'apache/trafficserver-ingress-controller'
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }}
+
+ - name: Build and push Docker image
+ if: github.repository == 'apache/trafficserver-ingress-controller'
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Run Trivy vulnerability scanner
+ if: github.repository == 'apache/trafficserver-ingress-controller'
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ if: github.repository == 'apache/trafficserver-ingress-controller'
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: 'trivy-results.sarif'