Skip to content

[Add]- Support redis sentinel pdb #9

[Add]- Support redis sentinel pdb

[Add]- Support redis sentinel pdb #9

Workflow file for this run

name: Release container images
on:
pull_request:
types: [closed]
branches:
- master
env:
ApplicationName: redis-operator
QuayImageName: quay.io/opstree/redis-operator
AppVersion: "v0.15.0"
DOCKERFILE_PATH: '**/Dockerfile'
jobs:
setup:
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to Quay.io
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.ACCESS_TOKEN }}
build_arm64:
needs: setup
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
- name: Check existing AppVersion
id: check_version_arm64
run: |
EXISTS=$(curl -s https://quay.io/api/v1/repository/${{ env.QuayImageName }}/tag/?specificTag=${{ env.AppVersion }}-arm64 | jq '.tags | length')
echo "::set-output name=exists::$EXISTS"
- name: Build and push arm64 image
if: steps.check_version_arm64.outputs.exists == '0'
uses: docker/build-push-action@v2
with:
context: .
file: ${{ env.DOCKERFILE_PATH }}
platforms: linux/arm64
push: true
tags: ${{ env.QuayImageName }}:${{ env.AppVersion }}-arm64
build_amd64:
needs: setup
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
- name: Check existing AppVersion
id: check_version_amd64
run: |
EXISTS=$(curl -s https://quay.io/api/v1/repository/${{ env.QuayImageName }}/tag/?specificTag=${{ env.AppVersion }}-amd64 | jq '.tags | length')
echo "::set-output name=exists::$EXISTS"
- name: Build and push amd64 image
if: steps.check_version_amd64.outputs.exists == '0'
uses: docker/build-push-action@v2
with:
context: .
file: ${{ env.DOCKERFILE_PATH }}
platforms: linux/amd64
push: true
tags: ${{ env.QuayImageName }}:${{ env.AppVersion }}-amd64
build_multi_arch:
needs: setup
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
- name: Check existing AppVersion
id: check_version_multi_arch
run: |
EXISTS=$(curl -s https://quay.io/api/v1/repository/${{ env.QuayImageName }}/tag/?specificTag=${{ env.AppVersion }} | jq '.tags | length')
echo "::set-output name=exists::$EXISTS"
- name: Build and push multi-arch image
if: steps.check_version_multi_arch.outputs.exists == '0'
uses: docker/build-push-action@v2
with:
context: .
file: ${{ env.DOCKERFILE_PATH }}
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ env.QuayImageName }}:${{ env.AppVersion }}
- name: Build and push multi-arch latest image
uses: docker/build-push-action@v2
with:
context: .
file: ${{ env.DOCKERFILE_PATH }}
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ env.QuayImageName }}:latest
trivy_scan:
needs: [build_arm64, build_amd64, build_multi_arch]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Run Trivy vulnerability scanner for arm64 image
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.QuayImageName }}:${{ env.AppVersion }}-arm64
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results-arm64.sarif'
exit-code: '1'
ignore-unfixed: true
severity: 'CRITICAL,HIGH'
- name: Run Trivy vulnerability scanner for amd64 image
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.QuayImageName }}:${{ env.AppVersion }}-amd64
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results-amd64.sarif'
exit-code: '1'
ignore-unfixed: true
severity: 'CRITICAL,HIGH'
- name: Run Trivy vulnerability scanner for multi-arch image
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.QuayImageName }}:${{ env.AppVersion }}
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results-latest.sarif'
exit-code: '1'
ignore-unfixed: true
severity: 'CRITICAL,HIGH'
- name: Run Trivy vulnerability scanner for latest image
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.QuayImageName }}:latest
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results-latest.sarif'
exit-code: '1'
ignore-unfixed: true
severity: 'CRITICAL,HIGH'