Skip to content

Run as non root

Run as non root #186

name: docker-build-and-push
on:
push:
paths-ignore:
- "README.md"
pull_request:
branches:
- master
paths-ignore:
- "README.md"
jobs:
docker:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/386
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: docker images before
run: docker image ls
- name: Build awstats for testing
uses: docker/build-push-action@v5
with:
load: true
tags: pabra/awstats:test
cache-from: type=registry,ref=pabra/awstats:buildcache
- name: Build awstats-test
uses: docker/build-push-action@v5
with:
context: ./test
file: ./test/Dockerfile
load: true
tags: pabra/awstats-test:latest
- name: run tests
run: ./run_tests.sh skip_build
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: pabra/awstats
labels: |
org.opencontainers.image.authors=Patrick Braune<[email protected]>
- name: Prepare
id: prep
if: github.event_name != 'pull_request'
run: |
set -ex
DOCKER_IMAGE=pabra/awstats
BRANCH="${GITHUB_REF#refs/heads/}"
SHORT_SHA="${GITHUB_SHA:0:7}"
COMMITS="$( git rev-list --count "${BRANCH}" )"
SUBJECT="$( git show --no-patch --format=%s ${GITHUB_SHA} )"
if [[ "${SUBJECT}" != publish:* ]]; then
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
else
if [ "${BRANCH}" = 'master' ]; then
TAGS="${DOCKER_IMAGE}:${BRANCH}-${COMMITS}-${SHORT_SHA}"
TAGS="${TAGS},${DOCKER_IMAGE}:edge"
elif [ "${BRANCH}" = '7.9' ]; then
TAGS="${DOCKER_IMAGE}:${BRANCH}-${COMMITS}-${SHORT_SHA}"
TAGS="${TAGS},${DOCKER_IMAGE}:${BRANCH}"
TAGS="${TAGS},${DOCKER_IMAGE}:latest"
elif [ "${BRANCH}" = '7.8' ]; then
TAGS="${DOCKER_IMAGE}:${BRANCH}-${COMMITS}-${SHORT_SHA}"
TAGS="${TAGS},${DOCKER_IMAGE}:${BRANCH}"
elif [ "${BRANCH}" = '7.7' ]; then
TAGS="${DOCKER_IMAGE}:${BRANCH}-${COMMITS}-${SHORT_SHA}"
TAGS="${TAGS},${DOCKER_IMAGE}:${BRANCH}"
elif [ "${BRANCH}" = 'actions' ]; then
TAGS="${DOCKER_IMAGE}:${BRANCH}-${COMMITS}-${SHORT_SHA}"
else
TAGS=''
fi
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
fi
- name: debug tags
run: |
set -ex
echo "tags: '${{ steps.prep.outputs.tags }}'"
- name: Login to DockerHub
if: github.event_name != 'pull_request' && steps.prep.outputs.tags
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push
if: github.event_name != 'pull_request' && steps.prep.outputs.tags
id: docker_build
uses: docker/build-push-action@v5
with:
platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/386
push: true
tags: ${{ steps.prep.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=registry,ref=pabra/awstats:buildcache
cache-to: type=registry,ref=pabra/awstats:buildcache,mode=max