docker-image.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# Workflow identity and triggers.
name: Docker Image CI

on:
  # Every push to main.
  push:
    branches:
      - main
  # Pull requests that target main.
  pull_request:
    branches:
      - main
  # Manual run; the caller chooses which MISP ref gets built.
  workflow_dispatch:
    inputs:
      misp_ref:
        description: "MISP branch or tag to build"
        required: true
        default: "develop"
# Workflow-wide environment, visible to every step of every job.
env:
  # Tag given to the locally built image that the Test step runs.
  TEST_TAG: 'misp:latest'
  # See https://github.com/goodwithtech/dockle/issues/188
  DOCKLE_HOST: 'unix:///var/run/docker.sock'
  # NOTE(review): the three values below are committed in plain text and are
  # handed to the Test step as BUCKET_NAME / S3_ACCESS_KEY / S3_SECRET_KEY.
  # They look like fixtures for a MinIO instance that exists only during the
  # run; confirm the key pair is not valid against any long-lived service.
  BUCKET_NAME: 'testbucket'
  MINIO_ACCESS_KEY: 'testuser'
  MINIO_SECRET_KEY: 'i5Qkesr8fbV0Vezn0zojaIyKvnObUtNMXFu38wlT'
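jobs:
  # Builds the image for amd64, smoke-tests it, builds arm64, and (outside
  # pull requests) pushes the multi-arch image to Docker Hub and ghcr.io.
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 60
    # Least privilege for GITHUB_TOKEN: checkout reads the repository and the
    # ghcr.io push writes packages; no other step here uses the token.
    permissions:
      contents: read
      packages: write
    # NOTE(review): every `uses:` below references a mutable version tag.
    # Pinning each action to a full commit SHA keeps a retagged release from
    # changing what runs next to the registry credentials.
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Fetch variables
        id: variables
        env:
          # The dispatch input reaches the shell as data. Expanding
          # ${{ ... }} inside `run:` would paste it into the script text.
          MISP_REF_INPUT: ${{ github.event.inputs.misp_ref }}
        # Each token printed by docker-version.py is appended to GITHUB_ENV;
        # later steps read MISP_COMMIT and MISP_VERSION, presumably set here.
        # ${VAR:+...} passes no argument at all when the input is empty
        # (push and pull_request runs), as the unquoted expansion did before.
        run: |
          for v in $(python3 .github/workflows/docker-version.py ${MISP_REF_INPUT:+"$MISP_REF_INPUT"}); do
            echo "$v" >> "$GITHUB_ENV"
          done

      - name: Cache Docker layers
        uses: actions/cache@v4
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-

      - name: Build and export to Docker
        uses: docker/build-push-action@v5
        with:
          context: .
          # Load into the local Docker daemon so the Test step can run it.
          load: true
          tags: ${{ env.TEST_TAG }}
          cache-from: type=local,src=/tmp/.buildx-cache/amd64
          cache-to: type=local,dest=/tmp/.buildx-cache-new/amd64,mode=max
          build-args: |
            CACHEBUST=${{ env.MISP_COMMIT }}
            MISP_VERSION=${{ env.MISP_VERSION }}

      - name: Test
        env:
          BUCKET_NAME: ${{ env.BUCKET_NAME }}
          S3_ACCESS_KEY: ${{ env.MINIO_ACCESS_KEY }}
          S3_SECRET_KEY: ${{ env.MINIO_SECRET_KEY }}
        # `curl -v` writes request headers, including Authorization, to the
        # job log. AUTHKEY is created by `cake user init` inside the container
        # this job starts, so it only grants access to that test instance.
        run: |
          cat .github/workflows/test/.test-env.sh >> ./.env_s3
          docker history ${{ env.TEST_TAG }}
          MISP_IMAGE=${{ env.TEST_TAG }} docker compose up --detach --quiet-pull
          sleep 15 # Wait until container is ready
          docker logs misp
          AUTHKEY=$(docker exec misp su-exec apache /var/www/MISP/app/Console/cake user init)
          VERSION=$(curl --fail -v -H "Authorization: $AUTHKEY" -H "Accept: application/json" http://localhost:8080/servers/getVersion)
          echo $VERSION | jq
          .github/workflows/test/test_minio.sh $S3_ACCESS_KEY $S3_SECRET_KEY $BUCKET_NAME $AUTHKEY
          docker restart misp # Also test restart
          sleep 10 # Wait until container is ready
          curl --fail -v -H "Authorization: $AUTHKEY" -H "Accept: application/json" http://localhost:8080/servers/getVersion
          docker compose down

      - name: Build Docker for linux/arm64
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/arm64
          tags: ${{ env.TEST_TAG }}
          cache-from: type=local,src=/tmp/.buildx-cache/arm64
          cache-to: type=local,dest=/tmp/.buildx-cache-new/arm64,mode=max
          build-args: |
            CACHEBUST=${{ env.MISP_COMMIT }}
            MISP_VERSION=${{ env.MISP_VERSION }}

      # Temp fix
      # https://github.com/docker/build-push-action/issues/252
      # https://github.com/moby/buildkit/issues/1896
      - name: Move cache
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
          du -sh /tmp/.buildx-cache

      # The registry logins and the push are skipped on pull_request events.
      - name: Login to GitHub Container Registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: nukib
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Build and push
        if: github.event_name != 'pull_request'
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
            nukib/misp:latest
            ghcr.io/nukib/misp:latest
          build-args: |
            CACHEBUST=${{ env.MISP_COMMIT }}
            MISP_VERSION=${{ env.MISP_VERSION }}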