on: push: branches: - main pull_request: branches: - main release: types: - published name: build-test jobs: build-test: name: Build and test ZOT runs-on: ubuntu-latest steps: - name: Run build and test timeout-minutes: 60 run: | echo "job deprecated" build-test-arch: name: Build and test ZOT runs-on: ubuntu-latest strategy: matrix: os: [linux, darwin] arch: [amd64, arm64] services: s3mock: image: ghcr.io/project-zot/localstack/localstack:0.13.2 env: SERVICES: s3 ports: - 4563-4599:4563-4599 - 9090:8080 steps: - name: Install go uses: actions/setup-go@v2 with: go-version: 1.17.x - name: Check out source code uses: actions/checkout@v1 - name: Install dependencies run: | cd $GITHUB_WORKSPACE go install github.com/swaggo/swag/cmd/swag@latest go mod download sudo apt-get update sudo apt-get install rpm sudo apt-get install snapd sudo apt-get install libgpgme-dev libassuan-dev libbtrfs-dev libdevmapper-dev pkg-config git clone https://github.com/containers/skopeo -b v1.6.1 $GITHUB_WORKSPACE/src/github.com/containers/skopeo cd $GITHUB_WORKSPACE/src/github.com/containers/skopeo && make bin/skopeo cd $GITHUB_WORKSPACE curl -Lo notation.tar.gz https://github.com/notaryproject/notation/releases/download/v0.7.1-alpha.1/notation_0.7.1-alpha.1_linux_amd64.tar.gz sudo tar xvzf notation.tar.gz -C /usr/bin notation go install github.com/wadey/gocovmerge@latest - name: Run build and test timeout-minutes: 60 run: | echo "Building for $OS:$ARCH" cd $GITHUB_WORKSPACE if [[ $OS == "linux" && $ARCH == "amd64" ]]; then make OS=$OS ARCH=$ARCH sudo env "PATH=$PATH" make privileged-test else make OS=$OS ARCH=$ARCH binary binary-minimal binary-debug cli bench exporter-minimal fi env: S3MOCK_ENDPOINT: localhost:4566 AWS_ACCESS_KEY_ID: fake AWS_SECRET_ACCESS_KEY: fake OS: ${{ matrix.os }} ARCH: ${{ matrix.arch }} - name: Upload code coverage uses: codecov/codecov-action@v2 - if: github.event_name == 'release' && github.event.action == 'published' name: Publish artifacts on releases uses: svenstaro/upload-release-action@v2 with: repo_token: ${{ secrets.GITHUB_TOKEN }} file: bin/z* tag: ${{ github.ref }} overwrite: true file_glob: true push-image: if: github.event_name == 'release' && github.event.action== 'published' name: Push OCI images to GitHub Packages runs-on: ubuntu-latest strategy: matrix: os: [linux, darwin] arch: [amd64, arm64] steps: - name: Check out the repo uses: actions/checkout@v2 - name: Log in to GitHub Docker Registry uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push zot container image uses: project-stacker/stacker-build-push-action@main with: file: 'stacker.yaml' build-args: | COMMIT=${{ github.event.release.tag_name }}-${{ github.sha }} OS=${{ matrix.os }} ARCH=${{ matrix.arch }} REPO_NAME=zot-${{ matrix.os }}-${{ matrix.arch }} url: docker://ghcr.io/${{ github.repository_owner }} tags: ${{ github.event.release.tag_name }} latest username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Run zot container image with docker run: | if [[ $OS == "linux" && $ARCH == "amd64" ]]; then docker run -d ghcr.io/${{ github.repository_owner }}/zot-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} fi env: OS: ${{ matrix.os }} ARCH: ${{ matrix.arch }} - name: Run zot container image with podman run: | if [[ $OS == "linux" && $ARCH == "amd64" ]]; then podman run -d ghcr.io/${{ github.repository_owner }}/zot-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} fi env: OS: ${{ matrix.os }} ARCH: ${{ matrix.arch }} - name: Build and push zot-minimal container image uses: project-stacker/stacker-build-push-action@main with: file: 'stacker.yaml' build-args: | COMMIT=${{ github.event.release.tag_name }}-${{ github.sha }} OS=${{ matrix.os }} ARCH=${{ matrix.arch }} EXT=-minimal REPO_NAME=zot-minimal-${{ matrix.os }}-${{ matrix.arch }} url: docker://ghcr.io/${{ github.repository_owner }} tags: ${{ github.event.release.tag_name }} latest username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Run zot-minimal container image with docker run: | if [[ $OS == "linux" && $ARCH == "amd64" ]]; then docker run -d ghcr.io/${{ github.repository_owner }}/zot-minimal-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} fi env: OS: ${{ matrix.os }} ARCH: ${{ matrix.arch }} - name: Run zot-minimal container image with podman run: | if [[ $OS == "linux" && $ARCH == "amd64" ]]; then podman run -d ghcr.io/${{ github.repository_owner }}/zot-minimal-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} fi env: OS: ${{ matrix.os }} ARCH: ${{ matrix.arch }} - name: Build and push zot-exporter container image uses: project-stacker/stacker-build-push-action@main with: file: 'stacker-zxp.yaml' build-args: | COMMIT=${{ github.event.release.tag_name }}-${{ github.sha }} OS=${{ matrix.os }} ARCH=${{ matrix.arch }} REPO_NAME=zxp-${{ matrix.os }}-${{ matrix.arch }} url: docker://ghcr.io/${{ github.repository_owner }} tags: ${{ github.event.release.tag_name }} latest username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Run zot-exporter container image with docker run: | if [[ $OS == "linux" && $ARCH == "amd64" ]]; then docker run -d ghcr.io/${{ github.repository_owner }}/zxp-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} fi env: OS: ${{ matrix.os }} ARCH: ${{ matrix.arch }} - name: Run zot-exporter container image with podman run: | if [[ $OS == "linux" && $ARCH == "amd64" ]]; then podman run -d ghcr.io/${{ github.repository_owner }}/zxp-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} fi env: OS: ${{ matrix.os }} ARCH: ${{ matrix.arch }} - name: Build and push zb container image uses: project-stacker/stacker-build-push-action@main with: file: 'stacker-zb.yaml' build-args: | COMMIT=${{ github.event.release.tag_name }}-${{ github.sha }} OS=${{ matrix.os }} ARCH=${{ matrix.arch }} REPO_NAME=zb-${{ matrix.os }}-${{ matrix.arch }} url: docker://ghcr.io/${{ github.repository_owner }} tags: ${{ github.event.release.tag_name }} latest username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Run zb container image with docker run: | if [[ $OS == "linux" && $ARCH == "amd64" ]]; then docker run -d ghcr.io/${{ github.repository_owner }}/zb-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} fi env: OS: ${{ matrix.os }} ARCH: ${{ matrix.arch }} - name: Run zb container image with podman run: | if [[ $OS == "linux" && $ARCH == "amd64" ]]; then podman run -d ghcr.io/${{ github.repository_owner }}/zb-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }} fi env: OS: ${{ matrix.os }} ARCH: ${{ matrix.arch }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: image-ref: 'ghcr.io/${{ github.repository }}-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}' format: 'sarif' output: 'trivy-results.sarif' env: TRIVY_USERNAME: ${{ github.actor }} TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - name: Run Trivy vulnerability scanner (minimal) uses: aquasecurity/trivy-action@master with: image-ref: 'ghcr.io/${{ github.repository }}-minimal-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}' format: 'sarif' output: 'trivy-results.sarif' env: TRIVY_USERNAME: ${{ github.actor }} TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: sarif_file: 'trivy-results.sarif'