test docker metadata in periodic release

sarg3nt · Oct 30, 2024 · 2dac1f4 · 2dac1f4
1 parent babdccc
commit 2dac1f4
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 27 deletions.
diff --git a/.github/workflows/periodic-release.yml b/.github/workflows/periodic-release.yml
@@ -30,6 +30,16 @@ jobs:
           fetch-depth: 0
           fetch-tags: true
 
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+
       - name: Get the latest tag version
         id: get_version
         run: |
@@ -62,37 +72,38 @@ jobs:
             new_version="v${major}.${minor}.${new_patch}"
             echo "New Version: $new_version"
             echo "VERSION=$new_version" >> $GITHUB_ENV
+            echo "tags from docker metadata: ${{ steps.meta.outputs.tags }}"
           else
             echo "Could not determine the latest tag version."
             exit 1
           fi
 
       # Docs: https://github.com/marketplace/actions/create-release
-      - name: 'Create Release'
-        id: create_release
-        uses: ncipollo/release-action@v1
-        with:
-          body: "A Weekly release contianing upgrades to system packages in the base Rocker Linux container."
-          makeLatest: true
-          prerelease: false
-          tag: ${{ env.VERSION }}
+      # - name: 'Create Release'
+      #   id: create_release
+      #   uses: ncipollo/release-action@v1
+      #   with:
+      #     body: "A Weekly release contianing upgrades to system packages in the base Rocker Linux container."
+      #     makeLatest: true
+      #     prerelease: false
+      #     tag: ${{ env.VERSION }}
 
-      - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
-        with:
-          egress-policy: audit
+      # - name: Harden Runner
+      #   uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+      #   with:
+      #     egress-policy: audit
 
-      - name: Log into registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+      # - name: Log into registry
+      #   uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+      #   with:
+      #     registry: ${{ env.REGISTRY }}
+      #     username: ${{ github.actor }}
+      #     password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build and push Docker image
-        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
-        with:
-          push: true
-          tags: ${{ env.TAG_MAJOR }},${{ env.TAG_MINOR }},${{ env.TAG_PATCH }},${{ env.TAG_LATEST }}
-        env: 
-          GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      # - name: Build and push Docker image
+      #   uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+      #   with:
+      #     push: true
+      #     tags: ${{ env.TAG_MAJOR }},${{ env.TAG_MINOR }},${{ env.TAG_PATCH }},${{ env.TAG_LATEST }}
+      #   env: 
+      #     GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -3,7 +3,7 @@
 # separate terms of service, privacy policy, and support
 # documentation.
 
-name: trivy
+name: Trivy
 
 on:
   push:
@@ -22,7 +22,7 @@ permissions:
   contents: read
 
 jobs:
-  build:
+  trivy-scan:
     permissions:
       contents: write # for actions/checkout to fetch code and for SBOM to push results
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results