docker.yml
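---
# Builds the Docker image for every tool in the matrix. On a push that counts
# as a release (exact tag, or the main branch) the images are built for
# several platforms with buildx and pushed to Docker Hub; otherwise they are
# only test-built locally on the runner.
name: buildx

on:
  push:
    branches:
      - main
      - develop
    tags:
      - 'v*'

# Least privilege for GITHUB_TOKEN: the job only reads the repository. The
# registry push authenticates with the Docker Hub secrets, not this token.
permissions:
  contents: read

jobs:
  buildx:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          # Tools listed in one entry are built left to right by the loops
          # below, for dependencies. Each matrix entry is a separate job, so
          # no build order is guaranteed between entries.
          - name: "rbqwrapped tools (p0f only)"
            tools: "rbqwrapper p0f"
          - name: pcap_to_node_pcap
            tools: "pcap_to_node_pcap"
          - name: tcprewrite_dot1q
            tools: "tcprewrite_dot1q"
          - name: ncapture
            tools: "network_tap/ncapture"
          - name: network_tap
            tools: "network_tap"
          - name: mercury
            tools: "mercury"
          - name: pcap_stats
            tools: "pcap_stats"
          - name: snort
            tools: "snort"
    steps:
      # NOTE(review): every `uses:` below references a mutable tag (@v3, @v2).
      # Pin each to a full commit SHA, e.g.
      # `actions/checkout@<full-commit-sha>  # v3`, so that a retagged release
      # cannot change what runs in a job that holds the Docker Hub secrets.
      - uses: actions/checkout@v3
        with:
          # Full history (including tags) is required by `git describe`.
          fetch-depth: 0

      # Step outputs are written to the GITHUB_OUTPUT file; the older
      # `::set-output` workflow command is deprecated.
      - name: Get version number
        id: get_version
        run: |
          VERSION=$(git describe --tags)
          echo "VERSION=${VERSION}"
          echo "VERSION=${VERSION}" >> "${GITHUB_OUTPUT}"
          TAG_VERSION=$(git describe --abbrev=0 --tags)
          echo "TAG_VERSION=${TAG_VERSION}"
          echo "TAG_VERSION=${TAG_VERSION}" >> "${GITHUB_OUTPUT}"
          # Release = HEAD sits exactly on a tag, or the ref is the main branch.
          if [[ "${VERSION}" == "${TAG_VERSION}" ]] ||
             [[ "${GITHUB_REF##*/}" == "main" ]]; then
            IS_RELEASE="true"
          else
            IS_RELEASE="false"
          fi
          echo "IS_RELEASE=${IS_RELEASE}"
          echo "IS_RELEASE=${IS_RELEASE}" >> "${GITHUB_OUTPUT}"

      - name: Should this workflow push to Docker Hub?
        id: docker
        env:
          DOCKER_PASSWORD: ${{ secrets.DOCKER_TOKEN }}
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_NAMESPACE: ${{ secrets.DOCKER_NAMESPACE }}
          # Context values reach the script through the environment instead of
          # being expanded into the script text.
          EVENT_NAME: ${{ github.event_name }}
          IS_RELEASE: ${{ steps.get_version.outputs.IS_RELEASE }}
        run: |
          PUSH_TO_DOCKER="false"
          if [[ "${EVENT_NAME}" == "push" ]] &&
             [[ "${IS_RELEASE}" == "true" ]]; then
            # Must define all three variables for Docker Hub publishing to work.
            # DOCKER_PASSWORD is populated from the DOCKER_TOKEN secret.
            for required in DOCKER_USERNAME DOCKER_PASSWORD DOCKER_NAMESPACE; do
              if [[ -z "${!required}" ]]; then
                echo "Must define secret: ${required}"
                exit 1
              fi
            done
            PUSH_TO_DOCKER="true"
          fi
          echo "PUSH_TO_DOCKER=${PUSH_TO_DOCKER}" >> "${GITHUB_OUTPUT}"
          echo "PUSH_TO_DOCKER=${PUSH_TO_DOCKER}"

      - name: Change tag for release on main branch
        id: publish_tag
        env:
          VERSION: ${{ steps.get_version.outputs.VERSION }}
        run: |
          echo "GITHUB_REF=${GITHUB_REF}"
          echo "GITHUB_REF##*/=${GITHUB_REF##*/}"
          # main publishes as `latest`; any other ref uses `git describe`.
          if [[ "${GITHUB_REF##*/}" == "main" ]]; then
            TAG="latest"
          else
            TAG="${VERSION}"
          fi
          echo "TAG=${TAG}" >> "${GITHUB_OUTPUT}"
          echo "TAG=${TAG}"

      - name: Test building only
        if: steps.docker.outputs.PUSH_TO_DOCKER == 'false'
        env:
          DOCKER_NAMESPACE: ${{ secrets.DOCKER_NAMESPACE }}
          TOOLS: ${{ matrix.tools }}
          # TAG derives from a git tag name, which may contain shell
          # metacharacters; it is passed as data, never as script text.
          TAG: ${{ steps.publish_tag.outputs.TAG }}
        run: |
          # The image is never pushed here, so fall back to a local namespace
          # when the secret is not available (an empty namespace would yield
          # an invalid image reference).
          NAMESPACE="${DOCKER_NAMESPACE:-local}"
          # TOOLS is deliberately unquoted: it is a space-separated list.
          for tool in ${TOOLS}; do
            TAGGED_IMAGE="${NAMESPACE}/$(basename "${tool}"):${TAG}"
            docker build -t "${TAGGED_IMAGE}" -f "${tool}/Dockerfile" .
          done

      # Runs on both the test-only and the publishing path (no `if:`).
      - name: Set up qemu
        uses: docker/setup-qemu-action@v2
        with:
          platforms: all

      - name: Set up Docker Buildx
        id: buildx
        if: success() && (steps.docker.outputs.PUSH_TO_DOCKER == 'true')
        uses: docker/setup-buildx-action@v2
        with:
          version: latest

      - name: Docker Login
        if: success() && (steps.docker.outputs.PUSH_TO_DOCKER == 'true')
        env:
          DOCKER_PASSWORD: ${{ secrets.DOCKER_TOKEN }}
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
        run: |
          # The token is fed on stdin so it never appears in the process list.
          echo "${DOCKER_PASSWORD}" | docker login --username "${DOCKER_USERNAME}" --password-stdin

      - name: Build and push platforms
        if: success() && (steps.docker.outputs.PUSH_TO_DOCKER == 'true')
        env:
          DOCKER_CLI_EXPERIMENTAL: enabled
          DOCKER_NAMESPACE: ${{ secrets.DOCKER_NAMESPACE }}
          TOOLS: ${{ matrix.tools }}
          TAG: ${{ steps.publish_tag.outputs.TAG }}
        run: |
          # TOOLS is deliberately unquoted: it is a space-separated list.
          for tool in ${TOOLS}; do
            TAGGED_IMAGE="${DOCKER_NAMESPACE}/$(basename "${tool}"):${TAG}"
            docker buildx build \
              --platform linux/amd64,linux/arm/v7,linux/arm64 \
              --push \
              -t "${TAGGED_IMAGE}" -f "${tool}/Dockerfile" .
          done

      - name: List available tags for images
        if: success() && (steps.docker.outputs.PUSH_TO_DOCKER == 'true')
        env:
          DOCKER_CLI_EXPERIMENTAL: enabled
          DOCKER_NAMESPACE: ${{ secrets.DOCKER_NAMESPACE }}
          TOOLS: ${{ matrix.tools }}
        run: |
          # NOTE(review): this queries the Docker Hub v1 registry endpoint and
          # `wget -q` hides failures; confirm the endpoint is still served.
          for tool in ${TOOLS}; do
            image="${DOCKER_NAMESPACE}/$(basename "${tool}")"
            echo "${image}:" $(
              wget -q "https://registry.hub.docker.com/v1/repositories/${image}/tags" -O - |
                tr -d '[]" ' |
                tr '}' '\n' |
                awk -F: '{printf $3 " "}'
            )
          done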