Docker Image Release #49

# to view logs

Workflow file for this run

.github/workflows/docker-image.yml at 2f7d538

	---
	name: Docker Image Release

	on:
	schedule:
	- cron: '0 0 * * *'
	push:
	branches:
	- main

	env:
	DOCKER_REPO_NAME: rogerrum
	DOCKER_IMAGE_NAME: docker-nomie6-oss

	jobs:
	# Get list of versions
	get-latest-version:
	name: Get Latest Release Version for nomie6-oss
	runs-on: ubuntu-latest
	steps:
	- name: Get Latest Release Version
	id: get_nomie_version
	run: \|
	# Fetch the latest stable release (exclude beta versions)
	echo "version=$(curl -s -H 'Accept: application/vnd.github.v3+json' https://api.github.com/repos/open-nomie/nomie6-oss/releases \| jq -cMr '([.[]\|select(all(.tag_name; contains("beta")\|not))])\|.[:1]\|.[].tag_name')" >> "${GITHUB_OUTPUT}"

	- name: Output Versions
	run: \|
	# Output the versions for further use
	echo "Latest Release: ${{ steps.get_nomie_version.outputs.version }}"

	outputs:
	nomie: ${{ steps.get_nomie_version.outputs.version }}

	check-image-version:
	needs: get-latest-version
	name: Check if Image Version Exists
	runs-on: ubuntu-latest
	steps:
	- name: Check if image exists
	id: check_image
	run: \|
	if docker pull rogerrum/docker-nomie6-oss:${{ needs.get-latest-version.outputs.nomie }}; then
	echo "Image version already exists. Skipping build."
	echo "skip_build=true" >> "${GITHUB_OUTPUT}"
	else
	echo "Image version does not exist. Proceeding with the build."
	echo "skip_build=false" >> "${GITHUB_OUTPUT}"
	fi
	continue-on-error: true # Allow failure as we want to proceed with the build even if the image doesn't exist

	- name: Output
	run: \|
	echo "Skip Build: ${{ steps.check_image.outputs.skip_build }}"

	outputs:
	skip: ${{ steps.check_image.outputs.skip_build }}

	build:
	runs-on: ubuntu-latest
	needs:
	- check-image-version
	- get-latest-version
	if: ${{ needs.check-image-version.outputs.skip == 'false' }}

	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Docker login - docker hub
	uses: azure/docker-login@v2
	with:
	username: ${{ secrets.USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}

	- name: Docker login - ghcr
	uses: azure/docker-login@v2
	with:
	login-server: ghcr.io
	username: ${{ secrets.USERNAME }}
	password: ${{ secrets.PASSWORD }}

	- name: Set up Qemu
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@v3

	- name: Output platforms
	run: \|
	echo "Platforms: ${{ steps.buildx.outputs.platforms }}"

	- name: Build and push with latest tag
	uses: docker/build-push-action@v6
	with:
	push: true
	pull: true
	platforms: linux/arm64,linux/amd64
	build-args: \|
	BRANCH=${{ needs.get-latest-version.outputs.nomie }}
	tags: \|
	rogerrum/docker-nomie6-oss:${{ needs.get-latest-version.outputs.nomie }}
	rogerrum/docker-nomie6-oss:latest
	ghcr.io/rogerrum/docker-nomie6-oss:latest
	ghcr.io/rogerrum/docker-nomie6-oss:${{ needs.get-latest-version.outputs.nomie }}

	- name: Docker Hub Description
	if: github.event_name != 'pull_request'
	uses: peter-evans/dockerhub-description@v4
	with:
	username: ${{ secrets.USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}
	repository: rogerrum/docker-nomie6-oss

	# Trivy test
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	id: trivy
	with:
	image-ref: 'ghcr.io/rogerrum/docker-nomie6-oss:${{ needs.get-latest-version.outputs.nomie }}'
	format: 'sarif'
	exit-code: '0'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	output: results.sarif

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	if: always()
	with:
	sarif_file: 'results.sarif'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Docker Image Release #49

Workflow file

Docker Image Release #49

Jobs

Run details

Workflow file for this run