From 724c44f89e2cd0e81548a6757c770f6f5ae65b7e Mon Sep 17 00:00:00 2001
From: Matthew Baggett
Date: Sat, 18 May 2024 21:23:58 +0200
Subject: [PATCH] Rework triggers again.
---
 .github/workflows/build.yml | 19 +++++++++++++++++
 .github/workflows/docker.clean.yml | 32 ++++++++++++++++++++++++++++
 .github/workflows/docker.release.yml | 6 +++---
 3 files changed, 54 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/docker.clean.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index cb9ce11..82eb94b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -16,26 +16,37 @@ concurrency:
 jobs:
 build-container:
+ name: Build
 uses: ./.github/workflows/docker.build.yml
 secrets: inherit
 permissions:
 contents: read
 packages: write
 check-php:
+ name: PHP QC
 uses: ./.github/workflows/php.check.yml
 secrets: inherit
 permissions:
 contents: read
 checks: write
 check-trunk:
+ name: Trunk QC
 uses: ./.github/workflows/trunk.check.yml
 secrets: inherit
 permissions:
 contents: read
 checks: write
+ validate-container:
+ name: Validate
+ uses: ./.github/workflows/docker.validate.yml
+ secrets: inherit
+ permissions:
+ contents: read
 release-container:
+ name: Release
 needs:
 - build-container
+ - validate-container
 - check-php
 - check-trunk
 uses: ./.github/workflows/docker.release.yml
@@ -43,3 +54,11 @@ jobs:
 permissions:
 contents: read
 packages: write
+ clean-container:
+ name: Clean
+ needs:
+ - release-container
+ uses: ./.github/workflows/docker.clean.yml
+ secrets: inherit
+ permissions:
+ contents: read
diff --git a/.github/workflows/docker.clean.yml b/.github/workflows/docker.clean.yml
new file mode 100644
index 0000000..dda3ddb
--- /dev/null
+++ b/.github/workflows/docker.clean.yml
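Review bot: The new `validate-container` job in .github/workflows/build.yml uses `secrets: inherit`, which hands every secret available to the caller to docker.validate.yml even though the job's token is scoped to `contents: read`. If validation only needs to pull the candidate image, pass that one credential explicitly, e.g. a `secrets:` map with `GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}`; the called file is not visible here, so this assumes it can declare a matching `secrets:` entry under `workflow_call`. The same applies to the `clean-container` job added in the second hunk of this file.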
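Review bot: The `clean-container` job added at the end of build.yml grants the called workflow only `contents: read`, while docker.clean.yml declares `packages: write` at workflow level and deletes a GHCR image with `token: ${{ secrets.GITHUB_TOKEN }}`. A reusable workflow cannot raise GITHUB_TOKEN permissions above what the calling job grants, so this call is likely to be rejected at validation or to fail at the delete step. Add `packages: write` to this job's `permissions:` block. Because of `needs: release-container`, the job is also skipped whenever the release fails, which leaves the `build-<sha>` candidate image in the registry; if that is not intended, add `if: always()`.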
@@ -0,0 +1,32 @@
+name: "Build: Cleanup Residue"
+
+permissions:
+ contents: read
+ packages: write
+
+on:
+ workflow_call:
+ workflow_dispatch:
+ workflow_run:
+ workflows: ["Build Swarm Loadbalancer"]
+ types:
+ - completed
+
+env:
+ CANDIDATE_IMAGE: ghcr.io/benzine-framework/bouncer:build-${{ github.sha }}
+
+jobs:
+ cleanup-delete-candidate-image:
+ name: Run Trivy
+ runs-on: ubuntu-latest
+ steps:
+ - uses: benzine-framework/action-setup-docker@main
+ with:
+ ghcr_user: ${{ github.repository_owner }}
+ ghcr_token: ${{ secrets.GHCR_TOKEN }}
+ - uses: bots-house/ghcr-delete-image-action@v1.1.0
+ with:
+ owner: ${{ github.repository_owner }}
+ name: ${{ github.event.repository.name }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+ tag: build-${{ github.sha }}
diff --git a/.github/workflows/docker.release.yml b/.github/workflows/docker.release.yml
index 07cdb8e..f9fba8c 100644
--- a/.github/workflows/docker.release.yml
+++ b/.github/workflows/docker.release.yml
@@ -15,7 +15,7 @@ env:
 jobs:
 release:
- name: Release Swarm Loadbalancer
+ name: Release
 runs-on: ubuntu-latest
 strategy:
 matrix:
@@ -24,14 +24,14 @@ jobs:
 - docker
 fail-fast: false
 steps:
- - name: "Pull Candidate Image"
- run: docker pull ${{ env.CANDIDATE_IMAGE }}
 - uses: benzine-framework/action-setup-docker@main
 with:
 ghcr_user: ${{ github.repository_owner }}
 ghcr_token: ${{ secrets.GHCR_TOKEN }}
 docker_hub_user: ${{ secrets.DOCKER_HUB_USER }}
 docker_hub_token: ${{ secrets.DOCKER_HUB_TOKEN }}
+ - name: "Pull Candidate Image"
+ run: docker pull ${{ env.CANDIDATE_IMAGE }}
 - name: "Login to GHCR"
 if: matrix.registry == 'ghcr'
 run: docker login ghcr.io -u matthewbaggett -p ${{ secrets.GITHUB_TOKEN }}
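Review bot: In the new docker.clean.yml, `tag: build-${{ github.sha }}` does not name the built image when the run comes from the `workflow_run` trigger. In that event `github.sha` is the latest commit on the default branch, not the commit of the build that completed, so the delete can miss the candidate or remove a different build's tag. Use `tag: build-${{ github.event.workflow_run.head_sha || github.sha }}`. If "Build Swarm Loadbalancer" is build.yml, the cleanup will also run twice per build, once through `workflow_call` and once through `workflow_run`, and `completed` fires for failed runs too. Both actions are referenced by mutable refs (`@main`, `@v1.1.0`) while receiving `GHCR_TOKEN` and a token that can delete packages, so pin each to a full commit SHA, as should the `@main` reference in docker.release.yml. Separately, the job name `Run Trivy` looks copied from another workflow and should describe the deletion.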
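Review bot: The `Login to GHCR` step that now directly follows the moved pull in docker.release.yml passes the token on the command line with `-p ${{ secrets.GITHUB_TOKEN }}`, which exposes it in the process arguments and draws a Docker CLI warning. Feed it on stdin instead: `run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u matthewbaggett --password-stdin`. Since the setup-docker step above already receives `ghcr_token`, this second login may be redundant, but that action's source is not visible here. The step list continues past the end of the hunk.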