From b8f2186593efb96a0262858b0c817cf8231d2793 Mon Sep 17 00:00:00 2001
From: Mark Sagi-Kazar
Date: Fri, 22 Apr 2022 14:15:04 +0200
Subject: [PATCH 1/2] revert: docker matrix build

Apparently matrix builds don't work with the docker action. Only reference I found about the topic: https://github.com/docker/build-push-action/issues/130

Signed-off-by: Mark Sagi-Kazar
---
 .github/workflows/artifacts.yaml | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml
index f9634829..9eafb324 100644
--- a/.github/workflows/artifacts.yaml
+++ b/.github/workflows/artifacts.yaml
@@ -14,10 +14,6 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
- platform:
- linux/amd64
- linux/arm/v7
- linux/arm64
 variant:
 - alpine
 - distroless
@@ -62,7 +58,7 @@ jobs:
 - name: Set up QEMU
 uses: docker/setup-qemu-action@v1
 with:
- platforms: arm64,arm
+ platforms: all
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v1
@@ -86,7 +82,7 @@ jobs:
 uses: docker/build-push-action@v2
 with:
 context: .
- platforms: ${{ matrix.platform }}
+ platforms: linux/amd64,linux/arm/v7,linux/arm64
 cache-from: type=gha
 cache-to: type=gha,mode=max
 push: ${{ github.event_name == 'push' }}

From a9fb4ae7efeeefc710766c0fda077ead65047c9b Mon Sep 17 00:00:00 2001
From: Mark Sagi-Kazar
Date: Fri, 22 Apr 2022 14:21:28 +0200
Subject: [PATCH 2/2] revert: move container scan back to the container build step

Signed-off-by: Mark Sagi-Kazar
---
 .github/workflows/artifacts.yaml | 28 ++--------------------------
 1 file changed, 2 insertions(+), 26 deletions(-)

diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml
index 9eafb324..09662c62 100644
--- a/.github/workflows/artifacts.yaml
+++ b/.github/workflows/artifacts.yaml
@@ -17,8 +17,6 @@ jobs:
 variant:
 - alpine
 - distroless
- outputs:
- version: ${{ steps.details.outputs.version }}
 steps:
 - name: Checkout 
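Review bot: The build step now carries the target list inline as `platforms: linux/amd64,linux/arm/v7,linux/arm64` while the QEMU step two hunks earlier registers `platforms: all`, so the set of architectures the workflow builds lives in one hard-coded line with nothing tying the two steps together. A workflow-level `env:` entry such as `PLATFORMS: linux/amd64,linux/arm/v7,linux/arm64`, referenced as `platforms: ${{ env.PLATFORMS }}` in the build step, would keep a single definition to edit; QEMU can stay at `all`. Both steps belong to the container-images job, whose definition starts outside the hunk.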
@@ -103,38 +101,16 @@ jobs:
 org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
 org.opencontainers.image.documentation=https://dexidp.io/docs/
- container-scan:
- name: Container scan
- runs-on: ubuntu-latest
- needs: container-images
- if: github.event_name == 'push'
- strategy:
- matrix:
- variant:
- - alpine
- - distroless
-
- steps:
- # Workaround for lack of matrix output support
- - name: Calculate container image details
- id: details
- run: |
- VERSION="${{ needs.container-images.outputs.version }}"
-
- if [[ "${{ matrix.variant }}" != "alpine" ]]; then
- VERSION="${VERSION}-${{ matrix.variant }}"
- fi
-
- echo ::set-output name=version::${VERSION}
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@0.2.5
 with:
 image-ref: "ghcr.io/dexidp/dex:${{ steps.details.outputs.version }}"
 format: "sarif"
 output: "trivy-results.sarif"
+ if: github.event_name == 'push'
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@v1
 with:
 sarif_file: "trivy-results.sarif"
+ if: github.event_name == 'push'
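Review bot: The Trivy step at `image-ref: "ghcr.io/dexidp/dex:${{ steps.details.outputs.version }}"` scans a tag pulled back from the registry after the build step (`push: ${{ github.event_name == 'push' }}`, earlier in the same job) has already published it, so a finding never blocks publication, and with the added `if: github.event_name == 'push'` on both steps a pull-request build is never scanned at all. Pinning the scan to what was just built via the build step's digest output, `image-ref: "ghcr.io/dexidp/dex@${{ steps.<build-step-id>.outputs.digest }}"` (the build step's id is outside the hunk), and adding `exit-code: "1"` with a `severity` filter would make the scan gate instead of only report; the upload step then needs `if: github.event_name == 'push' && always()` so the SARIF still reaches the Security tab when the scan fails. As a point of style the two `if:` keys sit after the `with:` block, where they are easy to miss; placing them directly under `name:` matches the usual step layout. The step also relies on a step with `id: details` existing earlier in the container-images job, which starts outside this hunk.
```yaml
      # … unchanged: build step and image labels …
      - name: Run Trivy vulnerability scanner
        if: github.event_name == 'push'
        uses: aquasecurity/trivy-action@0.2.5
        with:
          image-ref: "ghcr.io/dexidp/dex@${{ steps.<build-step-id>.outputs.digest }}"
          format: "sarif"
          output: "trivy-results.sarif"
          exit-code: "1"
          severity: "CRITICAL,HIGH"  # constructed sample threshold; tune to policy
      - name: Upload Trivy scan results to GitHub Security tab
        if: github.event_name == 'push' && always()
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: "trivy-results.sarif"
```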