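---
# Builds the kubectl-shell image for all supported platforms and pushes it to
# Docker Hub. Pull requests are tagged `pr<N>` and compared against
# portainer/base:latest with Docker Scout; pushes to develop refresh `latest`.
name: "kubectl-shell"

on:
  workflow_dispatch:
  push:
    branches:
      - develop
    paths:
      # NOTE(review): this filter names `kube-shell/` while the build context
      # below is `kubectl-shell/`; confirm which directory is intended, otherwise
      # changes to the Dockerfile may never trigger this workflow.
      - 'kube-shell/**'
  pull_request:
    branches:
      - develop
    paths:
      - 'kube-shell/**'

# Least privilege for GITHUB_TOKEN: the only write the workflow performs with it
# is the Scout PR comment, which needs pull-requests: write.
permissions:
  contents: read
  pull-requests: write

env:
  DOCKER_HUB_REPO: portainerci/kubectl-shell
  GITHUB_PR_NUMBER: ${{ github.event.pull_request.number }}

jobs:
  build_images:
    runs-on: ubuntu-latest
    steps:
      - name: "[preparation] checkout"
        uses: actions/checkout@v4.1.1

      - name: "[preparation] set up qemu"
        uses: docker/setup-qemu-action@v3.2.0

      - name: "[preparation] set up docker context for buildx"
        run: docker context create builders

      - name: "[preparation] set up docker buildx"
        uses: docker/setup-buildx-action@v3.6.1
        with:
          endpoint: builders
          driver-opts: image=moby/buildkit:v0.16.0

      # Repository secrets are not exposed to pull_request runs from forks, so
      # this login (and the push below) only succeeds for same-repo PRs.
      - name: "[preparation] docker login"
        uses: docker/login-action@v3.3.0
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}

      # The PR number is read from the job-level env var instead of being
      # interpolated with ${{ }} into the script, so no expression text is
      # spliced into the shell.
      - name: "set image tag for pull request"
        if: ${{ github.event_name == 'pull_request' }}
        run: |
          echo "IMAGE_TAG=pr${GITHUB_PR_NUMBER}" >> "$GITHUB_ENV"

      - name: "set image tag for develop"
        if: ${{ github.event_name == 'push' }}
        run: |
          echo "IMAGE_TAG=latest" >> "$GITHUB_ENV"

      # Neither tag step runs for workflow_dispatch, which left IMAGE_TAG empty
      # and produced the invalid reference "<repo>:" at build time. Fail early
      # with a clear message instead of after QEMU/buildx setup and login.
      - name: "check image tag"
        run: |
          if [ -z "${IMAGE_TAG:-}" ]; then
            echo "::error::IMAGE_TAG is not set for event '${GITHUB_EVENT_NAME}'"
            exit 1
          fi

      - name: "build and push images"
        uses: docker/build-push-action@v6.7.0
        with:
          context: kubectl-shell/
          tags: ${{ env.DOCKER_HUB_REPO }}:${{ env.IMAGE_TAG }}
          # ALPINE=alpine:latest is a floating base image; pin it (tag or
          # digest) if rebuilds are expected to be reproducible.
          build-args: |
            KUBERNETES_RELEASE=v1.31.0
            ALPINE=alpine:latest
            HELM_VERSION=v3.15.4
          platforms: |
            linux/amd64
            linux/arm64
            linux/arm
            linux/ppc64le
          sbom: true
          provenance: true
          push: true

      # Only action in this workflow not pinned to an exact release; pin it
      # (ideally to a commit SHA) for the same supply-chain reasons as the rest.
      - name: "docker scout scan"
        id: docker-scout
        if: ${{ github.event_name == 'pull_request' }}
        uses: docker/scout-action@v1
        with:
          command: cves
          image: ${{ env.DOCKER_HUB_REPO }}:${{ env.IMAGE_TAG }}
          to: portainer/base:latest
          ignore-unchanged: true
          only-severities: critical,high
          write-comment: true
          github-token: ${{ secrets.GITHUB_TOKEN }}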