Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Push Heimdall Server to Docker Hub on every release and tag as release-latest and version | |
| on: | |
| release: | |
| types: [published] | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: 'Version' | |
| required: true | |
| permissions: | |
| contents: read | |
| jobs: | |
| docker: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Run string replace to remove the v from the version number before using it in the docker tag | |
| uses: frabert/replace-string-action@v2 | |
| id: format-tag | |
| with: | |
| pattern: 'v' | |
| string: '${{ github.event.release.tag_name || github.event.inputs.version}}' | |
| replace-with: '' | |
| flags: 'g' | |
| - name: Checkout the Heimdall Repository | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build and push the container image to Dockerhub | |
| id: docker_build | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| push: true | |
| platforms: linux/amd64 | |
| tags: mitre/heimdall2:release-latest,mitre/heimdall2:${{ steps.format-tag.outputs.replaced }} | |
| - name: Get Docker SHA since the Iron Bank release requires us to specify the exact resources we need them to pull into the environment | |
| shell: bash | |
| id: get-docker-sha | |
| run: | | |
| echo "DOCKER_SHA=$(docker pull mitre/heimdall2:${{ steps.format-tag.outputs.replaced }} > /dev/null 2>&1 && docker inspect --format='{{index .RepoDigests 0}}' mitre/heimdall2:${{ steps.format-tag.outputs.replaced }} | cut -d '@' -f 2)" >> $GITHUB_ENV | |
| - name: Upgrade Iron Bank | |
| uses: mitre/ironbank_release_action@v1 | |
| with: | |
| name: Heimdall | |
| version: ${{ steps.format-tag.outputs.replaced }} | |
| ironbank_pat: ${{ secrets.SAF_IRONBANK_REPO1_PAT }} | |
| ironbank_username: ${{ secrets.SAF_IRONBANK_REPO1_USERNAME }} | |
| ironbank_project_id: 5450 | |
| ironbank_project_clone_url: repo1.dso.mil/dsop/mitre/security-automation-framework/heimdall2.git | |
| git_commit_author_name: "Automated Heimdall Release" | |
| git_commit_author_email: "saf@mitre.org" | |
| update_commands: | | |
| yq e -i '.args.HEIMDALL_VERSION=\"${{ steps.format-tag.outputs.replaced }}\" | .tags[0]=\"${{ steps.format-tag.outputs.replaced }}\" | .labels.\"org.opencontainers.image.version\"=\"${{ steps.format-tag.outputs.replaced }}\" | .resources[1].tag=\"mitre/heimdall2:${{ steps.format-tag.outputs.replaced }}\" | .resources[1].url=\"docker://docker.io/mitre/heimdall2@${{ env.DOCKER_SHA }}\"' hardening_manifest.yaml | |
| sed -i s/HEIMDALL_VERSION=\.\*/HEIMDALL_VERSION=${{ steps.format-tag.outputs.replaced }}/ Dockerfile |