Posted to commits@trafficserver.apache.org by ki...@apache.org on 2022/06/08 06:52:10 UTC

[trafficserver-ingress-controller] branch master updated: Publish package to ghcr (#124)

This is an automated email from the ASF dual-hosted git repository.

kichan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver-ingress-controller.git


The following commit(s) were added to refs/heads/master by this push:
     new f77a501  Publish package to ghcr (#124)
f77a501 is described below

commit f77a5015219124939d528a5b0fb9c532c8aed670
Author: Kit Chan <ki...@apache.org>
AuthorDate: Tue Jun 7 23:52:06 2022 -0700

    Publish package to ghcr (#124)
---
 .github/workflows/build.yml | 48 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5d6c655..768311e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -9,9 +9,17 @@ on:
     - 'charts/**'
     - 'docs/**'
 
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: apache/ats-ingress
+
 jobs:
   build-and-integrate:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
 
     steps:
       - name: Checkout
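Review bot: `packages: write` and `security-events: write` are granted at the job level on `build-and-integrate`, so every step in the job can use a token that is able to publish packages, including the checkout, build and test steps that lie outside this hunk. Only the registry login/push and SARIF upload steps added later in this commit need those scopes. Consider keeping only `contents: read` on this job and moving the publish and scan steps into a separate job with `needs: build-and-integrate` that carries the two write scopes. The `on:` trigger block starts above the hunk, so whether pull-request runs reach this job cannot be confirmed from here.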
@@ -53,3 +61,43 @@ jobs:
         run: |
           cd tests
           pytest -q --minikubeip="$(minikube ip)" suite/test_ingress.py
+
+      - name: Log in to the Container registry
+        if: github.repository == 'apache/trafficserver-ingress-controller'
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        if: github.repository == 'apache/trafficserver-ingress-controller'
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }}
+
+      - name: Build and push Docker image
+        if: github.repository == 'apache/trafficserver-ingress-controller'
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Run Trivy vulnerability scanner
+        if: github.repository == 'apache/trafficserver-ingress-controller'
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        if: github.repository == 'apache/trafficserver-ingress-controller'
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'
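Review bot: The login, build-and-push and Trivy steps are gated only on `github.repository`, while the `latest` tag is enabled only for `refs/heads/master`. On any other ref the push step therefore appears to run with no enabled tag, and Trivy scans the `:latest` already in the registry rather than the image just built. Adding the ref to each condition, `if: github.repository == 'apache/trafficserver-ingress-controller' && github.ref == 'refs/heads/master'`, would keep the publish path to master. Separately, `aquasecurity/trivy-action@master` tracks a moving branch inside a job that holds a `packages: write` token; pin it to a reviewed commit, `uses: aquasecurity/trivy-action@<full-commit-sha>`, and consider doing the same for the actions referenced by major tag. The scan also runs after `push: true`, so findings are reported on an image that is already published.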