
fix(ci): add contents write permission to release #24


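---
# Builds, tests and vulnerability-scans each service image on every push.
# The registry push is gated to pushes on main and runs only if every
# earlier step (tests, build, scan) succeeded.
name: Build, Test, Scan, and Push OCI Images

on:
  push:
    paths-ignore:
      - 'heap-dump-companion/**'

jobs:
  build-and-push-images:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: read the repo for checkout, write
    # packages to publish to GHCR. Nothing here needs contents: write.
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        include:
          # NOTE(review): GHCR image names must be lowercase; github.repository
          # keeps the owner/repo casing, so confirm it is lowercase for this repo.
          - image: heap-dump-service
            dockerfile: heap-dump-service/Dockerfile
            gopath: heap-dump-service
            ghcr-image: ghcr.io/${{ github.repository }}/heap-dump-service
          - image: notify-sidecar
            dockerfile: notify-sidecar/Dockerfile
            gopath: notify-sidecar
            ghcr-image: ghcr.io/${{ github.repository }}/notify-sidecar
    steps:
      - name: Checkout
        # TODO(security): pin to a full commit SHA like the login step below.
        # A mutable tag (@v3) can be moved to different code without any
        # change in this repository.
        uses: actions/checkout@v3

      - name: Log in to GHCR
        # SHA-pinned; the other actions in this job should follow suit.
        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        # TODO(security): pin to a full commit SHA.
        uses: docker/metadata-action@v4
        with:
          images: ${{ matrix.ghcr-image }}

      - name: Go Test
        # working-directory instead of an inline `cd ${{ ... }}` keeps the
        # expression out of the shell script. Uses whatever Go toolchain the
        # runner image provides; a failing test stops the job before any push.
        working-directory: ${{ matrix.gopath }}
        run: go test -v ./...

      - name: Build
        # TODO(security): pin to a full commit SHA.
        uses: docker/build-push-action@v6
        with:
          context: ${{ matrix.image }}
          file: ${{ matrix.dockerfile }}
          push: false
          # Load the result into the local daemon explicitly so the scan below
          # inspects this build rather than whatever :latest the registry
          # currently holds (matters if a non-docker buildx driver is ever
          # configured, where push: false alone leaves the image unloaded).
          load: true
          # :latest is mutable; the sha-<commit> tag gives an immutable,
          # traceable reference to the exact build that was scanned.
          tags: |
            ${{ matrix.ghcr-image }}:latest
            ${{ matrix.ghcr-image }}:sha-${{ github.sha }}
          labels: ${{ steps.meta.outputs.labels }}

      - name: Trivy Scan
        # TODO(security): pin to a full commit SHA.
        uses: aquasecurity/[email protected]
        with:
          image-ref: ${{ matrix.ghcr-image }}:latest
          format: table
          severity: CRITICAL,HIGH
          # Fail the job on findings. The action's default exit code is 0,
          # which prints the table but never blocks the push below, so the
          # "Scan" gate was previously informational only.
          exit-code: '1'

      - name: Push
        # Push the exact image that was just scanned instead of rebuilding it
        # here: a second build could in principle produce a different image
        # than the one Trivy inspected. Expressions go through env vars rather
        # than being interpolated into the shell script.
        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
        env:
          IMAGE: ${{ matrix.ghcr-image }}
          GIT_SHA: ${{ github.sha }}
        run: |
          docker push "${IMAGE}:latest"
          docker push "${IMAGE}:sha-${GIT_SHA}"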