Skip to content

chore(deps): update semaphoreui/semaphore docker tag to v2.10.35 #154

chore(deps): update semaphoreui/semaphore docker tag to v2.10.35

chore(deps): update semaphoreui/semaphore docker tag to v2.10.35 #154

Workflow file for this run

name: CI
on:
push:
branches:
- "main"
pull_request:
permissions:
contents: write
packages: write
pull-requests: write
security-events: write
env:
APP_NAME: ansible-semaphore
jobs:
build_and_test:
name: Build and Test
runs-on: ubuntu-latest
steps:
- name: Generate GitHub App Token ๐Ÿช™
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2
id: generate-token
with:
app_id: ${{ secrets.BRAID_BOT_APP_ID }}
private_key: ${{ secrets.BRAID_BOT_PRIVATE_KEY }}
- name: Checkout ๐Ÿ””
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
ref: ${{ github.head_ref }}
token: ${{ steps.generate-token.outputs.token }}
- name: Setup Docker Buildx ๐Ÿ–ฅ๏ธ
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3
- name: Build Container ๐Ÿ—๏ธ
uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 # v6
with:
context: .
push: false
release:
name: Release
if: github.event_name != 'pull_request'
runs-on: ubuntu-latest
needs:
- build_and_test
outputs:
skipped: ${{ steps.changelog.outputs.skipped }}
tag: ${{ steps.changelog.outputs.tag }}
clean_changelog: ${{ steps.changelog.outputs.clean_changelog }}
version: ${{ steps.changelog.outputs.version }}
steps:
- name: Generate GitHub App Token ๐Ÿช™
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2
id: generate-token
with:
app_id: ${{ secrets.BRAID_BOT_APP_ID }}
private_key: ${{ secrets.BRAID_BOT_PRIVATE_KEY }}
- name: Checkout ๐Ÿ””
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
ref: ${{ github.head_ref }}
token: ${{ steps.generate-token.outputs.token }}
- name: Conventional Changelog Action ๐Ÿ“‹
id: changelog
uses: TriPSs/conventional-changelog-action@3a392e9aa44a72686b0fc13259a90d287dd0877c # v5
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
git-user-name: "braid-bot[bot]"
git-user-email: "169546839+braid-bot[bot]@users.noreply.github.com"
release-count: 10
version-file: package.yaml
create-summary: true
- name: Generate Release ๐Ÿ“ฆ
if: ${{ steps.changelog.outputs.skipped == 'false' }}
uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v2
with:
tag_name: ${{ steps.changelog.outputs.tag }}
name: ${{ steps.changelog.outputs.tag }}
generate_release_notes: true
body: ${{ steps.changelog.outputs.clean_changelog }}
publish:
name: Publish
if: github.event_name != 'pull_request' && needs.release.outputs.skipped == 'false'
runs-on: ubuntu-latest
needs:
- release
steps:
- name: Generate GitHub App Token ๐Ÿช™
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2
id: generate-token
with:
app_id: ${{ secrets.BRAID_BOT_APP_ID }}
private_key: ${{ secrets.BRAID_BOT_PRIVATE_KEY }}
- name: Checkout ๐Ÿ””
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
ref: ${{ github.head_ref }}
token: ${{ steps.generate-token.outputs.token }}
- name: Login to GitHub Container Registry ๐Ÿ”“
if: github.event_name != 'pull_request'
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker Metadata ๐Ÿท๏ธ
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5
with:
images: |
ghcr.io/${{ github.repository_owner }}/${{ env.APP_NAME }}
tags: |
latest
${{ needs.release.outputs.version}}
${{ github.sha }}
- name: Setup QEMU ๐Ÿ–ฅ๏ธ
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3
- name: Setup Docker Buildx ๐Ÿ–ฅ๏ธ
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3
- name: Build and push ๐Ÿ—๏ธ
uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 # v6
with:
context: .
platforms: linux/amd64,linux/arm64
provenance: false
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Run Trivy Vulnerability Scanner ๐Ÿฐ
uses: aquasecurity/trivy-action@master
with:
image-ref: ghcr.io/${{ github.repository_owner }}/${{ env.APP_NAME }}:${{ github.sha }}
format: 'sarif'
output: 'trivy-results.sarif'
vuln-type: 'os,library'
severity: "HIGH,CRITICAL"
- name: Upload Trivy scan results to GitHub Security tab ๐Ÿ“ฎ
uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3
with:
sarif_file: 'trivy-results.sarif'