Mouws/protonmail-bridge-nextcoud-podman
1
0
Fork 1
mirror of https://github.com/shenxn/protonmail-bridge-docker.git synced 2026-03-26 21:35:58 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

ci: modernize deb workflow actions, GHCR only

Browse Source
This commit is contained in:
Trent Maetzold 2026-03-11 11:47:53 -05:00
parent aac8004a51
commit 985d3ba428
1 changed files with 35 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
.github/workflows/deb.yaml vendored
View File

@ -13,67 +13,65 @@ on:
workflow_dispatch: workflow_dispatch:
env: env:
DOCKER_REPO: shenxn/protonmail-bridge GHCR_REPO: ghcr.io/trent-maetzold/protonmail-bridge
DOCKER_REPO_DEV: ghcr.io/shenxn/protonmail-bridge-dev
jobs: jobs:
deb: deb:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@master uses: actions/checkout@v4
- name: Set version - name: Set version
id: version run: echo "version=$(cat VERSION)" >> $GITHUB_ENV
run: echo "version=`cat VERSION`" >> $GITHUB_ENV
- name: Set repo
id: repo
run: if [[ $GITHUB_REF == "refs/heads/master" ]]; then echo "::set-output name=repo::${DOCKER_REPO}"; else echo "::set-output name=repo::${DOCKER_REPO_DEV}"; fi
- name: Docker meta - name: Docker meta
id: docker_meta id: meta
uses: crazy-max/ghaction-docker-meta@v1 uses: docker/metadata-action@v5
with: with:
images: ${{ steps.repo.outputs.repo }} images: ${{ env.GHCR_REPO }}
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1 uses: docker/setup-buildx-action@v3
- name: Build image without push - name: Build image without push
uses: docker/build-push-action@v2 uses: docker/build-push-action@v6
with: with:
context: ./deb context: ./deb
file: ./deb/Dockerfile file: ./deb/Dockerfile
load: true load: true
tags: protonmail-bridge:latest tags: protonmail-bridge:latest
- name: Scan image
id: scan - name: Run Trivy vulnerability scan
uses: anchore/scan-action@v2 uses: aquasecurity/trivy-action@0.30.0
with: with:
image: protonmail-bridge:latest image-ref: protonmail-bridge:latest
fail-build: true format: 'sarif'
severity-cutoff: critical exit-code: 0
acs-report-enable: true severity: 'CRITICAL,HIGH'
- name: Upload Anchore scan SARIF report output: 'trivy-results.sarif'
- name: Upload Trivy scan SARIF report
uses: github/codeql-action/upload-sarif@v3 uses: github/codeql-action/upload-sarif@v3
with: with:
sarif_file: ${{ steps.scan.outputs.sarif }} sarif_file: 'trivy-results.sarif'
- name: Login to DockerHub
uses: docker/login-action@v1 - name: Login to GHCR
if: ${{ github.event_name != 'pull_request' }} uses: docker/login-action@v3
with: if: github.event_name != 'pull_request'
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
if: ${{ github.event_name != 'pull_request' }}
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Push image - name: Push image
uses: docker/build-push-action@v2 uses: docker/build-push-action@v6
if: github.event_name != 'pull_request'
with: with:
context: ./deb context: ./deb
file: ./deb/Dockerfile file: ./deb/Dockerfile
tags: | tags: |
${{ steps.repo.outputs.repo }}:latest ${{ env.GHCR_REPO }}:latest
${{ steps.repo.outputs.repo }}:${{ env.version }} ${{ env.GHCR_REPO }}:${{ env.version }}
labels: ${{ steps.docker_meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
push: ${{ github.event_name != 'pull_request' }} push: true