Labs/kartoteka
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Исправления в build-docker

Browse Source
This commit is contained in:
brusnitsyn
2026-03-17 14:44:09 +09:00
parent 40d1af7212
commit 5d0d80ebc3
1 changed files with 14 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
.github/workflows/build-docker.yml vendored
View File

@@ -2,10 +2,7 @@ name: Build and Push Docker Image
on: on:
push: push:
branches: [main, master] branches: [master]
tags: ['v*']
pull_request:
branches: [main, master]
env: env:
REGISTRY: registry.brusoff.su REGISTRY: registry.brusoff.su
@@ -19,34 +16,34 @@ jobs:
uses: actions/setup-node@v4 uses: actions/setup-node@v4
with: with:
node-version: '20' node-version: '20'
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Setup PHP - name: Setup PHP
uses: shivammathur/setup-php@v2 uses: shivammathur/setup-php@v2
with: with:
php-version: '8.3' php-version: '8.3'
extensions: mbstring, xml, ctype, iconv, intl, pdo_mysql, pdo_pgsql, gd, redis, zip extensions: mbstring, xml, ctype, iconv, intl, pdo_mysql, pdo_pgsql, gd, redis, zip
coverage: none coverage: none
- name: Validate composer.json - name: Validate composer.json
run: composer validate --strict run: composer validate --strict
- name: Install dependencies - name: Install dependencies
run: composer install --prefer-dist --no-progress --no-suggest run: composer install --prefer-dist --no-progress --no-suggest
- name: Run PHP tests - name: Run PHP tests
run: vendor/bin/phpunit run: vendor/bin/phpunit
build: build:
runs-on: docker runs-on: docker
#if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')) #if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/'))
steps: steps:
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: Cache Docker layers - name: Cache Docker layers
uses: actions/cache@v3 uses: actions/cache@v3
with: with:
@@ -54,14 +51,14 @@ jobs:
key: ${{ runner.os }}-buildx-${{ github.sha }} key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: | restore-keys: |
${{ runner.os }}-buildx- ${{ runner.os }}-buildx-
- name: Login to Registry - name: Login to Registry
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
username: ${{ secrets.REGISTRY_USERNAME }} username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }} password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Extract metadata - name: Extract metadata
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@v5
@@ -74,7 +71,7 @@ jobs:
type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}}.{{minor}}
type=sha,prefix={{branch}}- type=sha,prefix={{branch}}-
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' }} type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' }}
- name: Build and push - name: Build and push
uses: docker/build-push-action@v5 uses: docker/build-push-action@v5
with: with:
@@ -87,16 +84,16 @@ jobs:
platforms: linux/amd64,linux/arm64 platforms: linux/amd64,linux/arm64
build-args: | build-args: |
BUILDKIT_INLINE_CACHE=1 BUILDKIT_INLINE_CACHE=1
- name: Scan image for vulnerabilities - name: Scan image for vulnerabilities
uses: aquasecurity/trivy-action@master uses: aquasecurity/trivy-action@master
with: with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
format: 'sarif' format: 'sarif'
output: 'trivy-results.sarif' output: 'trivy-results.sarif'
- name: Upload Trivy scan results - name: Upload Trivy scan results
uses: github/codeql-action/upload-sarif@v2 uses: github/codeql-action/upload-sarif@v2
if: always() if: always()
with: with:
sarif_file: 'trivy-results.sarif' sarif_file: 'trivy-results.sarif'