Skip to content

Commit

Permalink
Merge pull request #2 from xima-media/ansible_version_tag
Browse files Browse the repository at this point in the history
feat: add ansible version tag
  • Loading branch information
maikschneider authored Nov 21, 2024
2 parents eec1da2 + dd1f132 commit 7ea086d
Showing 1 changed file with 18 additions and 5 deletions.
23 changes: 18 additions & 5 deletions .github/workflows/build-and-publish-ansible.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,15 +20,28 @@ jobs:
- name: Checkout
uses: actions/checkout@v3

- name: Get current date for build tag
id: date
run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
- name: Log in to GitHub packages
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build and publish docker image for testing
uses: docker/build-push-action@v5
with:
context: ./debian-ansible
push: true
tags: ghcr.io/xima-media/debian-ansible:test
labels: ${{ steps.meta.outputs.labels }}

- name: Test and get Ansible version
run: |
ANSIBLE_VERSION="$(docker run --rm ghcr.io/xima-media/debian-ansible:test ansible-community --version | cut -d' ' -f4-)"
echo "$ANSIBLE_VERSION"
echo "ANSIBLE_VERSION=$ANSIBLE_VERSION" >> $GITHUB_ENV
id: test

- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
Expand All @@ -40,13 +53,13 @@ jobs:
with:
context: ./debian-ansible
push: true
tags: ghcr.io/xima-media/debian-ansible:${{ steps.date.outputs.date }}
tags: ghcr.io/xima-media/debian-ansible:${{ env.ANSIBLE_VERSION }}
labels: ${{ steps.meta.outputs.labels }}

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ghcr.io/xima-media/debian-ansible:${{ steps.date.outputs.date }}
image-ref: ghcr.io/xima-media/debian-ansible:${{ env.ANSIBLE_VERSION }}
format: 'sarif'
output: 'debian-ansible.sarif'
exit-code: '1'
Expand Down

0 comments on commit 7ea086d

Please sign in to comment.