From c6684789488cc718f48098e87017f58d70756fc9 Mon Sep 17 00:00:00 2001 From: Daniel Gibbs Date: Mon, 24 Oct 2022 00:26:00 +0100 Subject: [PATCH] update automations --- .github/workflows/codacy-analysis.yml | 61 --------------------------- .github/workflows/docker-publish.yml | 46 +++++++++++++++++++- .github/workflows/snyk-container.yml | 55 ------------------------ .github/workflows/super-linter.yml | 29 ------------- 4 files changed, 45 insertions(+), 146 deletions(-) delete mode 100644 .github/workflows/codacy-analysis.yml delete mode 100644 .github/workflows/snyk-container.yml delete mode 100644 .github/workflows/super-linter.yml diff --git a/.github/workflows/codacy-analysis.yml b/.github/workflows/codacy-analysis.yml deleted file mode 100644 index dbd443b..0000000 --- a/.github/workflows/codacy-analysis.yml +++ /dev/null @@ -1,61 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -# This workflow checks out code, performs a Codacy security scan -# and integrates the results with the -# GitHub Advanced Security code scanning feature. For more information on -# the Codacy security scan action usage and parameters, see -# https://github.com/codacy/codacy-analysis-cli-action. -# For more information on Codacy Analysis CLI in general, see -# https://github.com/codacy/codacy-analysis-cli. - -name: Codacy Security Scan - -on: - push: - branches: ["main", "master"] - pull_request: - # The branches below must be a subset of the branches above - branches: ["main", "master"] - schedule: - - cron: "28 22 * * 4" - -permissions: - contents: read - -jobs: - codacy-security-scan: - permissions: - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - name: Codacy Security Scan - runs-on: ubuntu-latest - steps: - # Checkout the repository to the GitHub Actions runner - - name: Checkout code - uses: actions/checkout@v3 - - # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis - - name: Run Codacy Analysis CLI - uses: codacy/codacy-analysis-cli-action@v4.2.0 - with: - # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository - # You can also omit the token and run the tools that support default configurations - project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} - verbose: true - output: results.sarif - format: sarif - # Adjust severity of non-security issues - gh-code-scanning-compat: true - # Force 0 exit code to allow SARIF file generation - # This will handover control about PR rejection to the GitHub side - max-allowed-issues: 2147483647 - - # Upload the SARIF file generated in the previous step - - name: Upload SARIF results file - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: results.sarif diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 281bc45..42fbdc3 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -36,9 +36,32 @@ jobs: push: true tags: | gameservermanagers/steamcmd:latest + gameservermanagers/steamcmd:ubuntu gameservermanagers/steamcmd:ubuntu-22.04 ghcr.io/gameservermanagers/steamcmd:latest + ghcr.io/gameservermanagers/steamcmd:ubuntu ghcr.io/gameservermanagers/steamcmd:ubuntu-22.04 + + ubuntu-2004: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2.2.1 + - name: Login to DockerHub + uses: docker/login-action@v2.1.0 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v2.1.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push (Ubuntu 20.04) uses: docker/build-push-action@v3.2.0 with: @@ -49,7 +72,28 @@ jobs: tags: | gameservermanagers/steamcmd:ubuntu-20.04 ghcr.io/gameservermanagers/steamcmd:ubuntu-20.04 - - name: Build and push (Ubuntu 18.04) + + ubuntu-1804: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2.2.1 + - name: Login to DockerHub + uses: docker/login-action@v2.1.0 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v2.1.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push (Ubuntu 20.04) uses: docker/build-push-action@v3.2.0 with: context: . diff --git a/.github/workflows/snyk-container.yml b/.github/workflows/snyk-container.yml deleted file mode 100644 index fa428d5..0000000 --- a/.github/workflows/snyk-container.yml +++ /dev/null @@ -1,55 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -# A sample workflow which checks out the code, builds a container -# image using Docker and scans that image for vulnerabilities using -# Snyk. The results are then uploaded to GitHub Security Code Scanning -# -# For more examples, including how to limit scans to only high-severity -# issues, monitor images for newly disclosed vulnerabilities in Snyk and -# fail PR checks for new vulnerabilities, see https://github.com/snyk/actions/ - -name: Snyk Container - -on: - push: - branches: ["main", "master"] - pull_request: - # The branches below must be a subset of the branches above - branches: ["main", "master"] - schedule: - - cron: "45 1 * * 4" - -permissions: - contents: read - -jobs: - snyk: - permissions: - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Build a Docker image - run: docker build -t gameservermanagers/steamcmd -f Dockerfile.ubuntu-2204 . - - name: Run Snyk to check Docker image for vulnerabilities - # Snyk can be used to break the build when it detects vulnerabilities. - # In this case we want to upload the issues to GitHub Code Scanning - continue-on-error: true - uses: snyk/actions/docker@master - env: - # In order to use the Snyk Action you will need to have a Snyk API token. - # More details in https://github.com/snyk/actions#getting-your-snyk-token - # or you can signup for free at https://snyk.io/login - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - image: gameservermanagers/steamcmd - args: --file=Dockerfile.ubuntu-2204 - - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: snyk.sarif diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml deleted file mode 100644 index b1e3d41..0000000 --- a/.github/workflows/super-linter.yml +++ /dev/null @@ -1,29 +0,0 @@ -# This workflow executes several linters on changed files based on languages used in your code base whenever -# you push a code or open a pull request. -# -# You can adjust the behavior by modifying this file. -# For more information, see: -# https://github.com/github/super-linter -name: Lint Code Base - -on: - push: - branches: ["main", "master"] - pull_request: - branches: ["main", "master"] -jobs: - run-lint: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v3 - with: - # Full git history is needed to get a proper list of changed files within `super-linter` - fetch-depth: 0 - - - name: Lint Code Base - uses: github/super-linter@v4 - env: - VALIDATE_ALL_CODEBASE: false - DEFAULT_BRANCH: "main" - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}