fix nektos docs link in issue template #427

Workflow file for this run

	---
	# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json

	name: ci

	on:
	push:
	branches:
	- main
	# - '!dependabot/**' # only run PR Jobs for dependabot branches
	paths:
	- '**/Dockerfile'
	- '**/docker-bake.hcl'
	pull_request:
	branches: [main]
	workflow_dispatch:

	permissions:
	contents: read

	env:
	CONTAINER_REGISTRY: ${{ (vars.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '') && 'docker.io' \|\| 'ghcr.io' }}
	CONTAINER_REGISTRY_USER: ${{ (vars.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '') && vars.DOCKERHUB_USERNAME \|\| github.repository_owner }}
	CONTAINER_PUSH: ${{ github.ref == 'refs/heads/main' && github.actor != 'nektos/act' }}
	GITHUB_SHA: ${{ github.event.pull_request.head.sha \|\| github.event.after \|\| github.sha }}
	BUILDKIT_PROGRESS: plain

	jobs:
	test:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11

	- name: Setup Docker Buildx
	uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226

	# get docker binary path to use it with env -i
	- name: Get the docker binary path
	id: docker-binary-path
	run: echo "docker-bin=$(which docker)" \| tee "${GITHUB_OUTPUT}"

	- name: Print the bake file with a empty env
	id: bake-file-no-env
	run: env -i ${{ steps.docker-binary-path.outputs.docker-bin }} buildx bake --print

	- name: Verify the tags end on -local
	run: \|
	while IFS='' read -r container_tag; do
	printf "Container tag: %s\n" "${container_tag}"
	[[ "${container_tag}" == *"-local" ]] \|\| exit 1
	done < <(env -i ${{ steps.docker-binary-path.outputs.docker-bin }} buildx bake --print \| jq -r '.target[].tags[0]')

	- name: Print the bake file with the runner env
	run: docker buildx bake --print

	- name: Verify the tags are valid
	run: \|
	while IFS='' read -r container_tag; do
	printf "Container tag: %s\n" "${container_tag}"
	[[ "${container_tag}" == *"-${REF_NAME//\//-}" ]] \|\| exit 1
	done < <(docker buildx bake --print \| jq -r '.target[].tags[0]')
	env:
	REF_NAME: ${{ github.head_ref \|\| github.ref_name }}

	generate-jobs:
	needs: [test]
	runs-on: ubuntu-latest
	outputs:
	targets: ${{ steps.targets.outputs.matrix }}
	platforms: ${{ steps.platforms.outputs.matrix }}
	steps:
	- name: Checkout code
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11

	- name: Generate targets matrix
	id: targets
	run: \|
	printf "matrix={\"targets\": %s}\n" "$(docker buildx bake --print \| jq -r '"\(.target \| keys)"')" \| tee "${GITHUB_OUTPUT}"

	- name: Generate platforms matrix
	id: platforms
	run: \|
	printf "matrix={\"targets\": %s, \"platforms\": %s}\n" "$(docker buildx bake --print \| jq -r '"\(.target \| keys)"')" "$(docker buildx bake linux-platforms --print \| jq -cr '.target."linux-platforms".platforms')" \| tee "${GITHUB_OUTPUT}"

	build:
	needs: [generate-jobs]
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write
	pull-requests: write
	security-events: write
	strategy:
	fail-fast: ${{ github.event_name != 'pull_request' }}
	matrix: ${{ github.event_name != 'pull_request' && fromJson(needs.generate-jobs.outputs.targets) \|\| fromJson(needs.generate-jobs.outputs.platforms) }}
	steps:
	- name: Checkout code
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11

	- name: Setup QEMU
	uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3

	- name: Setup Docker Buildx
	uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226
	with:
	driver: docker-container

	# Login against a container registry
	# https://github.com/docker/login-action
	- name: Login to ${{ env.CONTAINER_REGISTRY }}
	uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
	with:
	registry: ${{ env.CONTAINER_REGISTRY }}
	username: ${{ env.CONTAINER_REGISTRY_USER }}
	password: ${{ env.CONTAINER_REGISTRY == 'docker.io' && secrets.DOCKERHUB_TOKEN \|\| secrets.GITHUB_TOKEN }}
	logout: true

	# Free up space on the runner since the image is huge
	# kics-scan ignore-line
	- uses: ./.github/actions/free-space
	name: Free up disk space
	with:
	deleteDotnet: 'true'
	deleteAndroid: 'true'

	- name: Get meta data
	id: meta
	run: \|
	{
	printf "tag=%s\n" "$(docker buildx bake ${{ matrix.targets }} --print \| jq -r '.target[].tags[0]')";
	printf "to_tag=%s\n" "$(REF_NAME="$([[ -z "${GITHUB_BASE_REF}" ]] && git config --get init.defaultBranch \|\| echo "${GITHUB_BASE_REF}")" docker buildx bake ${{ matrix.targets }} --print \| jq -r '.target[].tags[0]')";
	} \| tee "${GITHUB_OUTPUT}"

	# Used when the image is not pushed to a registry
	- name: Create directory for docker output
	if: env.CONTAINER_PUSH
	run: 'mkdir -p "${DIRNAME}"'
	env:
	DIRNAME: ${{ format('{0}/{1}', github.workspace, matrix.platforms) }}

	# Bake the image
	- name: Build and Push
	uses: docker/bake-action@849707117b03d39aba7924c50a10376a69e88d7d
	id: bake
	with:
	files: docker-bake.hcl
	targets: ${{ matrix.targets }}
	pull: true
	provenance: ${{ github.event_name != 'pull_request' }}
	set: \|
	${{ github.event_name == 'pull_request' && '*.cache-to=' \|\| '' }}
	${{ github.event_name == 'pull_request' && format('*.output=type=docker,dest={0}/{1}/{2}.tar', github.workspace, matrix.platforms, matrix.targets) \|\| '' }}
	${{ github.event_name == 'pull_request' && format('*.platform={0}', matrix.platforms) \|\| '' }}
	push: ${{ env.CONTAINER_PUSH }}

	# Docker-Scout - Create SBOM
	- name: Create SBOM
	uses: docker/scout-action@4a5494eb7c2b3d712b805ee65ad57a0371d50874
	id: docker-scout-sbom
	continue-on-error: true
	if: env.CONTAINER_PUSH == 'true' && vars.DOCKERHUB_USERNAME != ''
	with:
	command: sbom
	image: ${{ format('registry://{0}', steps.meta.outputs.tag) }}
	only-severities: critical,high
	only-fixed: true

	# vulnerability scan the image for main branch and upload the results as a SARIF file
	- name: Analyze for critical and high CVEs
	uses: docker/scout-action@4a5494eb7c2b3d712b805ee65ad57a0371d50874
	id: docker-scout-cves
	continue-on-error: true
	if: env.CONTAINER_PUSH == 'true'
	with:
	command: cves
	only-severities: critical,high
	image: ${{ steps.meta.outputs.tag }}
	sarif-file: sarif.output.json
	summary: false
	- name: Upload SARIF result
	uses: github/codeql-action/upload-sarif@4b6aa0b07da05d6e43d0e5f9c8596a6532ce1c85
	id: upload-sarif
	if: steps.docker-scout-cves.outcome == 'success'
	with:
	sarif_file: sarif.output.json

	# vulnerability scanning to verify PRs
	- name: Docker Scout compare
	uses: docker/scout-action@4a5494eb7c2b3d712b805ee65ad57a0371d50874
	id: pr-compare
	if: github.event_name == 'pull_request' && vars.DOCKERHUB_USERNAME != ''
	with:
	command: compare
	platform: ${{ matrix.platforms }}
	image: ${{ format('archive://{0}/{1}/{2}.tar', github.workspace, matrix.platforms, matrix.targets) }}
	to: ${{ format('registry://{0}', steps.meta.outputs.to_tag) }}
	ignore-unchanged: true
	only-fixed: true
	only-severities: critical, high
	write-comment: false
	summary: ${{ github.actor != 'nektos/act' }}
	github-token: ${{ secrets.GITHUB_TOKEN }}
	organization: ${{ vars.DOCKERHUB_USERNAME}}

	approve-pr:
	needs: [build]
	runs-on: ubuntu-latest
	if: ${{ success() && contains(fromJson(format('["{0}","dependabot[bot]"]', github.repository_owner)), github.triggering_actor) && github.event_name == 'pull_request' }}
	permissions:
	contents: read
	pull-requests: write
	actions: write
	steps:
	# approve the PR (there is still a code-owner review necessary)
	- name: Approve PR
	run: gh pr review --approve "$PR_URL"
	env:
	PR_URL: ${{github.event.pull_request.html_url}}
	GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix nektos docs link in issue template #427

Workflow file

fix nektos docs link in issue template #427

Jobs

Run details

Workflow file for this run