synclounge/.github/workflows/ci.yml

name: ci

on:
  push:
    branches-ignore:
      - master

  pull_request:

jobs:
  docker:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        dockerfile:
          - Dockerfile
          - Dockerfile.web
        include:
          - dockerfile: Dockerfile
            docker-image: localhost:5000/${{ github.event.repository.full_name }}
          - dockerfile: Dockerfile.web
            docker-image: localhost:5000/${{ github.event.repository.full_name }}web

    services:
      registry:
        image: registry:latest
        ports:
          - 5000:5000

    steps:
      - name: Checkout
        uses: actions/checkout@v2.3.3

      - name: Prepare
        id: prep
        run: |
          echo ::set-output name=build-date::$(date -u +'%Y-%m-%dT%H:%M:%SZ')

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1.0.0

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v1.0.0
        with:
          version: latest
          driver-opts: network=host

      - name: Available platforms
        run: echo ${{ steps.buildx.outputs.platforms }}

      - name: Get platforms
        uses: actions/github-script@v3.0.0
        id: platforms
        env:
          DOCKER_CLI_EXPERIMENTAL: enabled
        with:
          result-encoding: string
          script: |
            const script = require(`${process.env.GITHUB_WORKSPACE}/.github/getDockerPlatforms.js`)
            return script("${{ matrix.dockerfile }}", "${{ steps.buildx.outputs.platforms }}");

      - name: Platforms
        run: echo ${{ steps.platforms.outputs.result }}

      - name: Cache Docker layers
        uses: actions/cache@v2.1.1
        id: cache
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-docker-${{ matrix.dockerfile }}-${{ hashFiles('**/package-lock.json') }}-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-docker-${{ matrix.dockerfile }}-${{ hashFiles('**/package-lock.json') }}
            ${{ runner.os }}-docker-${{ matrix.dockerfile }}-
            ${{ runner.os }}-docker-

      - name: Cache hit
        run: echo ${{ steps.cache.outputs.cache-hit }}

      - name: Build and push
        id: docker-build
        uses: docker/build-push-action@v2
        with:
          push: true
          builder: ${{ steps.buildx.outputs.name }}
          context: .
          file: ./${{ matrix.dockerfile}}
          platforms: ${{ steps.platforms.outputs.result }}
          tags: ${{ matrix.docker-image }}:${{ github.sha }}
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache,mode=max
          build-args: |
            BUILD_DATE=${{ steps.prep.outputs.build-date }}
            REVISION=${{ github.sha }}

      - name: Inspect
        run: |
          docker buildx imagetools inspect ${{ matrix.docker-image }}:${{ github.sha }}

      - name: Image digest
        run: echo ${{ steps.docker-build.outputs.digest }}

      - name: Run the local Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
        uses: anchore/scan-action@v1.0.9
        with:
          image-reference: ${{ matrix.docker-image }}:${{ github.sha }}
          dockerfile-path: ${{ matrix.dockerfile }}
          acs-report-enable: true
          include-app-packages: true

      - name: Upload Anchore Scan Report
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: results.sarif

      - name: Dump context
        if: always()
        uses: crazy-max/ghaction-dump-context@v1.0.0
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00			`name: ci`

			`on:`
			`push:`
ci(ci): use branches-ignore 2020-09-09 01:55:17 +00:00			`branches-ignore:`
ci(action): pin action versions 2020-09-28 22:30:03 +00:00			`- master`
ci(ci): don't run ci on master since release will run 2020-09-08 20:59:05 +00:00
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00			`pull_request:`

			`jobs:`
ci(ci): rename job to docker 2020-09-10 20:27:26 +00:00			`docker:`
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00			`runs-on: ubuntu-latest`
ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`strategy:`
			`fail-fast: false`
			`matrix:`
			`dockerfile:`
			`- Dockerfile`
			`- Dockerfile.web`
			`include:`
			`- dockerfile: Dockerfile`
ci(ci): fix local registry url 2020-09-10 21:48:21 +00:00			`docker-image: localhost:5000/${{ github.event.repository.full_name }}`
ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`- dockerfile: Dockerfile.web`
ci(ci): fix local registry url 2020-09-10 21:48:21 +00:00			`docker-image: localhost:5000/${{ github.event.repository.full_name }}web`
ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00
			`services:`
			`registry:`
ci(docker): allow container access to host network 2020-09-10 22:10:31 +00:00			`image: registry:latest`
ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`ports:`
			`- 5000:5000`

build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00			`steps:`
ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`- name: Checkout`
ci(action): pin action versions 2020-09-28 22:30:03 +00:00			`uses: actions/checkout@v2.3.3`
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00
ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`- name: Prepare`
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00			`id: prep`
			`run: \|`
ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`echo ::set-output name=build-date::$(date -u +'%Y-%m-%dT%H:%M:%SZ')`
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00
ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`- name: Set up QEMU`
ci(action): pin docker setup versions 2020-09-28 23:22:01 +00:00			`uses: docker/setup-qemu-action@v1.0.0`
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00
ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`- name: Set up Docker Buildx`
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00			`id: buildx`
ci(action): pin docker setup versions 2020-09-28 23:22:01 +00:00			`uses: docker/setup-buildx-action@v1.0.0`
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00			`with:`
			`version: latest`
ci(docker): allow container access to host network 2020-09-10 22:10:31 +00:00			`driver-opts: network=host`
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00
ci(docker): use outputted available platforms 2020-09-10 20:50:29 +00:00			`- name: Available platforms`
			`run: echo ${{ steps.buildx.outputs.platforms }}`

ci(docker): use platforms of base image 2020-09-28 06:17:17 +00:00			`- name: Get platforms`
ci(action): pin action versions 2020-09-28 22:30:03 +00:00			`uses: actions/github-script@v3.0.0`
ci(docker): use platforms of base image 2020-09-28 06:17:17 +00:00			`id: platforms`
			`env:`
			`DOCKER_CLI_EXPERIMENTAL: enabled`
			`with:`
			`result-encoding: string`
			`script: \|`
			const script = require(`${process.env.GITHUB_WORKSPACE}/.github/getDockerPlatforms.js`)
			`return script("${{ matrix.dockerfile }}", "${{ steps.buildx.outputs.platforms }}");`

			`- name: Platforms`
			`run: echo ${{ steps.platforms.outputs.result }}`

ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`- name: Cache Docker layers`
ci(action): pin action versions 2020-09-28 22:30:03 +00:00			`uses: actions/cache@v2.1.1`
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00			`id: cache`
			`with:`
			`path: /tmp/.buildx-cache`
ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`key: ${{ runner.os }}-docker-${{ matrix.dockerfile }}-${{ hashFiles('**/package-lock.json') }}-${{ github.sha }}`
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00			`restore-keys: \|`
ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`${{ runner.os }}-docker-${{ matrix.dockerfile }}-${{ hashFiles('**/package-lock.json') }}`
			`${{ runner.os }}-docker-${{ matrix.dockerfile }}-`
			`${{ runner.os }}-docker-`
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00
ci(actions): add cache hit outputs 2020-09-10 21:52:56 +00:00			`- name: Cache hit`
			`run: echo ${{ steps.cache.outputs.cache-hit }}`

ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`- name: Build and push`
			`id: docker-build`
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00			`uses: docker/build-push-action@v2`
			`with:`
ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`push: true`
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00			`builder: ${{ steps.buildx.outputs.name }}`
			`context: .`
ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`file: ./${{ matrix.dockerfile}}`
ci(docker): use platforms of base image 2020-09-28 06:17:17 +00:00			`platforms: ${{ steps.platforms.outputs.result }}`
ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`tags: ${{ matrix.docker-image }}:${{ github.sha }}`
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00			`cache-from: type=local,src=/tmp/.buildx-cache`
ci(docker): use cache mode max 2020-09-10 17:28:27 +00:00			`cache-to: type=local,dest=/tmp/.buildx-cache,mode=max`
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00			`build-args: \|`
ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`BUILD_DATE=${{ steps.prep.outputs.build-date }}`
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00			`REVISION=${{ github.sha }}`

ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`- name: Inspect`
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00			`run: \|`
ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`docker buildx imagetools inspect ${{ matrix.docker-image }}:${{ github.sha }}`
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00
ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`- name: Image digest`
			`run: echo ${{ steps.docker-build.outputs.digest }}`
build(docker): add docker build action for every push and PR 2020-09-08 19:39:48 +00:00
ci(ci): combine ci and anchor 2020-09-29 01:14:27 +00:00			`- name: Run the local Anchore scan action itself with GitHub Advanced Security code scanning integration enabled`
			`uses: anchore/scan-action@v1.0.9`
			`with:`
			`image-reference: ${{ matrix.docker-image }}:${{ github.sha }}`
			`dockerfile-path: ${{ matrix.dockerfile }}`
			`acs-report-enable: true`
			`include-app-packages: true`

			`- name: Upload Anchore Scan Report`
			`uses: github/codeql-action/upload-sarif@v1`
			`with:`
			`sarif_file: results.sarif`

ci(actions): use matrix for synclounge and syncloungeweb 2020-09-10 20:26:14 +00:00			`- name: Dump context`
			`if: always()`
ci(action): pin action versions 2020-09-28 22:30:03 +00:00			`uses: crazy-max/ghaction-dump-context@v1.0.0`