Merge pull request #2 from stackhpc/image-scan-on-build

seunghun1ee · web-flow · commit db99971fbce9 · 2024-11-13T13:42:36.000Z
Image scan on build
diff --git a/.github/workflows/docker-images.yaml b/.github/workflows/docker-images.yaml
@@ -1,44 +1,41 @@
 name: Multi-Arch Docker Build and Push to GHCR
-
 on:
+  push:
+    tags:
+      - v*
   workflow_dispatch:
-    inputs:
-      branches:
-        description: "branch"
-        type: string
-        default: master
-      tags:
-        description: "tag"
-        type: string
-        default: v0.1.0
-
 
 jobs:
   build:
     runs-on: ubuntu-latest
-
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
-
-      - name: Login to GHCR
-        run: echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx for multiarch images
-        uses: docker/setup-buildx-action@v3
-
-      - name: Build and push Docker image to GHCR
-        run: |
-          # Strip git ref prefix from version
-          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
-
-          # Strip "v" prefix from tag name
-          [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
-
-          docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 \
-              --push \
-              -t ghcr.io/${{ github.repository }}:${VERSION} \
-              .
+      - name: Check out the repository
+        uses: actions/checkout@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Calculate metadata for image
+        id: image-meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ghcr.io/stackhpc/radosgw_usage_exporter
+          # Produce the branch name or tag and the SHA as tags
+          tags: |
+            type=ref,event=branch
+            type=ref,event=tag
+            type=sha,prefix=
+
+      - name: Build and push image
+        uses: stackhpc/github-actions/docker-multiarch-build-push@master
+        with:
+          cache-key: radosgw_usage_exporter
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.image-meta.outputs.tags }}
+          labels: ${{ steps.image-meta.outputs.labels }}
