Clamav DB #587
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Clamav DB | |
# This workflow builds latest version of clamav-db and | |
# pushes it to app-studio registry | |
on: | |
schedule: | |
- cron: '0 6 * * *' | |
push: | |
branches: [ main ] | |
paths: | |
- clamav/** | |
- .github/workflows/clam-db.yaml | |
pull_request: | |
branches: [ main ] | |
paths: | |
- clamav/** | |
- .github/workflows/clam-db.yaml | |
env: | |
REGISTRY: quay.io/redhat-appstudio | |
IMAGE_NAME: clamav-db | |
VERSION_MAJOR: "v1" | |
LATEST_TAG: latest | |
jobs: | |
build: | |
name: Build the new image | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Set env | |
run: | | |
echo "NEW_TAG=${VERSION_MAJOR}.$(date --utc '+%Y%m%d%H%M%S')" | tee -a "$GITHUB_ENV" | |
- name: Dockerfile linter | |
if: ${{ github.event_name == 'pull_request' }} # don't break regular rebuilds if linter is updated | |
uses: hadolint/hadolint-action@v3.1.0 | |
with: | |
dockerfile: clamav/Dockerfile | |
ignore: DL3041 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Build-image | |
id: build-image | |
uses: redhat-actions/buildah-build@v2 | |
with: | |
image: ${{ env.IMAGE_NAME }} | |
tags: ${{ env.NEW_TAG}} ${{ env.VERSION_MAJOR }} ${{ env.LATEST_TAG }} | |
archs: amd64,ppc64le | |
containerfiles: | | |
./clamav/Dockerfile | |
- name: Get ClamAV version | |
run: | | |
podman run --rm -t ${{ steps.build-image.outputs.image-with-tag }} clamscan --version | |
- name: Check ClamAV output format | |
run: | | |
podman run --rm -t ${{ steps.build-image.outputs.image-with-tag }} clamscan -ri /etc/hosts > clamav.log | |
bash clamav/test_clamav_format.sh clamav.log | |
- name: Log into registry | |
if: ${{ github.event_name != 'pull_request' }} # don't login from PR; secrets are not passed to PRs from fork | |
uses: redhat-actions/podman-login@v1 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ secrets.HACBS_TEST_QUAY_USER }} | |
password: ${{ secrets.HACBS_TEST_QUAY_TOKEN }} | |
- name: Push into registry | |
if: ${{ github.event_name != 'pull_request' }} # don't push image from PR | |
id: push-to-quay | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build-image.outputs.image }} | |
tags: ${{ steps.build-image.outputs.tags }} | |
registry: ${{ env.REGISTRY }} |