Skip to content
buildx

Add optional SQLite startup mode for lightweight Moodle environments #421

Sign in to view logs

Add optional SQLite startup mode for lightweight Moodle environments

Add optional SQLite startup mode for lightweight Moodle environments #421

Workflow file for this run

.github/workflows/build.yml at fa4fbcd
name: buildx
on:
push:
tags:
- 'v*'
branches:
- main
pull_request:
workflow_dispatch:
inputs:
moodle_version:
description: 'Moodle version tag'
required: true
jobs:
buildx:
runs-on: ubuntu-latest
steps:
# Step 1: Checkout the code
- name: Checkout
uses: actions/checkout@v6
# Step 2: Extract metadata for Docker
- name: Docker meta
id: meta
uses: docker/metadata-action@v6
with:
images: |
${{ github.repository }}
ghcr.io/${{ github.repository }}
tags: |
type=ref,event=tag
type=raw,value=latest,enable=${{ github.ref_type == 'tag' }}
type=raw,value=main,enable=${{ github.ref == 'refs/heads/main' }}
type=raw,value=beta,enable=${{ github.ref == 'refs/heads/main' }}
# Step 3: Set up QEMU for multi-platform builds
- name: Set up QEMU
id: qemu
uses: docker/setup-qemu-action@v4
with:
platforms: all
# Step 4: Set up Docker Buildx
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v4
with:
driver-opts: |
network=host
# Step 5: Login to DockerHub and GHCR
- name: Login to DockerHub
if: github.event_name != 'pull_request'
uses: docker/login-action@v4
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to GHCR
if: github.event_name != 'pull_request'
uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Step 6: Lint Dockerfile
- name: Hadolint Action
uses: hadolint/hadolint-action@v3.3.0
with:
format: sarif
output-file: hadolint-results.sarif
no-fail: true
- name: Upload SARIF results
uses: github/codeql-action/upload-sarif@v4
with:
sarif_file: hadolint-results.sarif
category: hadolint-dockerfile
# Step 7: Determine Moodle version
- name: Determine Moodle version
id: moodle_version
run: |
if [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/}
echo "version=${VERSION}" >> $GITHUB_OUTPUT
else
echo "version=main" >> $GITHUB_OUTPUT
fi
# Step 8: Test build (for PRs)
- name: Debug Build on PR
if: github.event_name == 'pull_request'
run: |
docker buildx build --load .
# Step 9: Test the built image
- name: Test
run: |
docker compose version
docker compose --file docker-compose.test.yml up --exit-code-from sut --timeout 10 --build
# Step 10: Build and Push to both registries in a single step
- name: Build and push
if: github.event_name != 'pull_request'
uses: docker/build-push-action@v7
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/386,linux/ppc64le,linux/s390x
build-args: |
MOODLE_VERSION=${{ steps.moodle_version.outputs.version }}
cache-from: type=gha
cache-to: type=gha,mode=max
# Step 11: Run Trivy vulnerability scanner
- name: Run Trivy vulnerability scanner
if: github.event_name != 'pull_request'
uses: aquasecurity/trivy-action@master
with:
image-ref: ghcr.io/${{ github.repository }}:${{ steps.meta.outputs.tags && steps.meta.outputs.tags[0] || 'main' }}
format: 'table'
exit-code: '0'
severity: 'CRITICAL,HIGH'
# Step 12: Update Docker Hub Description
- name: Docker Hub Description
if: startsWith(github.ref, 'refs/tags/')
uses: peter-evans/dockerhub-description@v5
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
short-description: ${{ github.event.repository.description }}