perf(deps): update all digest updates (#1296) #2272
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| merge_group: | |
| schedule: | |
| - cron: "0 0 * * *" | |
| push: | |
| branches: [ "main" ] | |
| release: | |
| types: [ published ] | |
| permissions: read-all | |
| jobs: | |
| lint: | |
| name: Lint Dockerfile | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0 | |
| build: | |
| name: Build and publish | |
| runs-on: ubuntu-24.04-arm | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| security-events: write | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ github.token }} | |
| - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 | |
| - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 | |
| - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 | |
| id: meta | |
| env: | |
| DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=schedule | |
| type=semver,pattern={{raw}} | |
| type=semver,pattern=v{{major}}.{{minor}} | |
| type=semver,pattern=v{{major}} | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| # on.schedule: nightly | |
| # on.push:tag: latest (auto), v1.2.3, v.1,2, v.1 | |
| # on.push.branch: branchName | |
| # on.pull_request: pr-number (won't be pushed) | |
| - uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0 | |
| with: | |
| push: ${{ github.event_name != 'pull_request' && github.event_name != 'merge_group' }} | |
| files: | | |
| cwd://${{ steps.meta.outputs.bake-file }} | |
| cwd://${{ steps.meta.outputs.bake-file-annotations }} | |
| ./docker-bake.hcl | |
| sbom: true | |
| provenance: true | |
| set: | | |
| *.cache-from=type=gha | |
| *.cache-to=type=gha,mode=max | |
| - uses: anchore/scan-action@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2 # v7.4.0 | |
| id: scan | |
| if: ${{ github.event_name != 'pull_request' && github.event_name != 'merge_group' }} | |
| with: | |
| image: "ghcr.io/bsstudio/robonaut-server:${{ env.DOCKER_METADATA_OUTPUT_VERSION }}" | |
| cache-db: true | |
| severity-cutoff: 'high' | |
| fail-build: false | |
| - uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 | |
| if: ${{ github.event_name != 'pull_request' && github.event_name != 'merge_group' }} | |
| with: | |
| sarif_file: ${{ steps.scan.outputs.sarif }} |