1010 branches :
1111 - " main"
1212
13+ permissions :
14+ contents : read
15+ pull-requests : write
16+
17+ env :
18+ PLATFORMS : linux/amd64,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x
19+
1320jobs :
14- docker :
21+ build :
1522 runs-on : ubuntu-latest
1623 steps :
1724 - name : Checkout
@@ -25,35 +32,48 @@ jobs:
2532 with :
2633 username : ${{ secrets.DOCKERHUB_USERNAME }}
2734 password : ${{ secrets.DOCKERHUB_TOKEN }}
28- - name : Build and export
35+ - name : Extract Docker metadata
36+ id : meta
37+ uses : docker/metadata-action@v5
38+ with :
39+ images : |
40+ ${{ vars.DOCKERHUB_IMAGE }}
41+ labels : |
42+ org.opencontainers.image.title=docker-diskmark
43+ org.opencontainers.image.description=A disk benchmarking tool for Docker
44+ org.opencontainers.image.revision=${{ env.SHA }}
45+ tags : |
46+ type=semver,pattern={{version}}
47+ type=semver,pattern={{major}}.{{minor}}
48+ type=semver,pattern={{major}}
49+ type=edge,branch=$repo.default_branch
50+ type=sha,prefix=,suffix=,format=short
51+ - name : Build and push Docker image
2952 uses : docker/build-push-action@v5
3053 with :
3154 context : .
32- platforms : linux/amd64,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x
33- cache-from : type=registry,ref=${{ vars.DOCKERHUB_IMAGE }}:buildcache
34- cache-to : type=registry,ref=${{ vars.DOCKERHUB_IMAGE }}:buildcache,mode=max
55+ platforms : ${{ env.PLATFORMS }}
56+ cache-from : type=gha
57+ cache-to : type=gha
3558 push : true
36- tags : ${{ vars.DOCKERHUB_IMAGE }}:${{ github.sha }}
37- - name : Push semver tags
38- if : github.ref_type == 'tag'
39- run : |
40- GITHUB_REF=${{ github.ref }}
41- GITHUB_TAG=${GITHUB_REF#refs/tags/}
42- TAGS=""
43- if [ "${GITHUB_TAG}" != *-* ]; then # if not a pre-release
44- TAGS+=" --tag ${{ vars.DOCKERHUB_IMAGE }}:${GITHUB_TAG%%.*}" # major version tag (e.g. 1)
45- TAGS+=" --tag ${{ vars.DOCKERHUB_IMAGE }}:${GITHUB_TAG%.*}" # major.minor version tag (e.g. 1.2)
46- fi
47- TAGS+=" --tag ${{ vars.DOCKERHUB_IMAGE }}:${GITHUB_TAG}" # full version tag (e.g. 1.2.3-rc.4)
48- docker buildx imagetools create ${TAGS} ${{ vars.DOCKERHUB_IMAGE }}:${{ github.sha }}
49- - name : Push "latest" tag
50- if : github.ref == 'refs/heads/main'
51- run : |
52- docker buildx imagetools create \
53- --tag ${{ vars.DOCKERHUB_IMAGE }}:latest \
54- ${{ vars.DOCKERHUB_IMAGE }}:${{ github.sha }}
59+ tags : ${{ steps.meta.outputs.tags }}
60+ labels : ${{ steps.meta.outputs.labels }}
61+ - name : Docker Scout
62+ id : docker-scout
63+ if : ${{ github.event_name == 'pull_request' }}
64+ uses : docker/scout-action@v1
65+ with :
66+ command : cves,recommendations,compare
67+ image : ${{ steps.meta.outputs.tags }}
68+ to : ${{ vars.DOCKERHUB_IMAGE }}:latest
69+ ignore-base : true
70+ ignore-unchanged : true
71+ only-fixed : true
72+ # only-severities: critical,high
73+ write-comment : true
74+ github-token : ${{ secrets.GITHUB_TOKEN }}
5575 - name : Update repo description
56- if : github.ref == 'refs/heads/main'
76+ if : ${{ github.ref == 'refs/heads/main' }}
5777 uses : peter-evans/dockerhub-description@v3
5878 with :
5979 username : ${{ secrets.DOCKERHUB_USERNAME }}
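Review bot: The label `org.opencontainers.image.revision=${{ env.SHA }}` in the metadata step reads `env.SHA`, which the `env:` block added by this commit does not define (only `PLATFORMS` is visible). Unless it is set outside the visible lines, pushed images carry an empty revision label and lose their link to the source commit; `org.opencontainers.image.revision=${{ github.sha }}` is presumably what was intended. The Docker Scout step's `image: ${{ steps.meta.outputs.tags }}` resolves to a single reference only while exactly one tag rule fires on pull requests, so `image: ${{ vars.DOCKERHUB_IMAGE }}:${{ steps.meta.outputs.version }}` would keep the scan on one image if the rules change. `docker/metadata-action@v5` and `docker/scout-action@v1` are mutable tags in a job that handles the Docker Hub credentials and a token with `pull-requests: write`, so pinning them to full commit SHAs is worth doing. The login step and the `Update repo description` step both continue outside this hunk.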