feat(STONEINTG-1072): refactoring clamav-db to avoid uploading file #1039
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Clamav DB | |
# This workflow builds latest version of clamav-db and | |
# pushes it to konflux-ci registry | |
on: | |
schedule: | |
- cron: '0 6 * * *' | |
workflow_dispatch: | |
push: | |
branches: [ main ] | |
paths: | |
- clamav/** | |
- .github/workflows/clam-db.yaml | |
pull_request: | |
branches: [ main ] | |
paths: | |
- clamav/** | |
- .github/workflows/clam-db.yaml | |
env: | |
REGISTRY: quay.io/konflux-ci | |
IMAGE_NAME: clamav-db | |
VERSION_MAJOR: "v1" | |
LATEST_TAG: latest | |
jobs: | |
build: | |
name: Build the new image | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Set env | |
run: | | |
echo "NEW_TAG=${VERSION_MAJOR}.$(date --utc '+%Y%m%d%H%M%S')" | tee -a "$GITHUB_ENV" | |
- name: Dockerfile linter | |
if: ${{ github.event_name == 'pull_request' }} # don't break regular rebuilds if linter is updated | |
uses: hadolint/hadolint-action@v3.1.0 | |
with: | |
dockerfile: clamav/Dockerfile | |
ignore: DL3041 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Build-image | |
id: build-image | |
uses: redhat-actions/buildah-build@v2 | |
with: | |
image: ${{ env.IMAGE_NAME }} | |
tags: ${{ env.NEW_TAG}} ${{ env.VERSION_MAJOR }} ${{ env.LATEST_TAG }} | |
archs: amd64,ppc64le | |
context: clamav/ | |
containerfiles: | | |
./clamav/Dockerfile | |
- name: Get ClamAV version | |
run: | | |
podman run --rm -t ${{ steps.build-image.outputs.image-with-tag }} clamscan --version | |
- name: Log into registry konflux-ci | |
if: ${{ github.event_name != 'pull_request' }} # don't login from PR; secrets are not passed to PRs from fork | |
uses: redhat-actions/podman-login@v1 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ secrets.KONFLUX_CI_TEST_QUAY_USER }} | |
password: ${{ secrets.KONFLUX_CI_TEST_QUAY_TOKEN}} | |
- name: Push into registry konflux-ci/clamav-db # temporarily added step to push to quay.io/konflux-ci/clamav-db | |
if: ${{ github.event_name != 'pull_request' }} | |
id: push-to-quay-konflux-ci | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build-image.outputs.image }} | |
tags: ${{ steps.build-image.outputs.tags }} | |
registry: ${{ env.REGISTRY }} |