Add disable_notification support for telegram. #2779
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions | |
| permissions: | |
| contents: read | |
| on: | |
| push: | |
| branches: | |
| - 'master' | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| env: | |
| DOCKERHUB_SLUG: crazymax/diun | |
| GHCR_SLUG: ghcr.io/crazy-max/diun | |
| DESTDIR: ./bin | |
| DOCKER_BUILD_SUMMARY: false | |
| SCOUT_VERSION: "1.18.2" | |
| jobs: | |
| prepare: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| validate-includes: ${{ steps.validate.outputs.includes }} | |
| artifact-platforms: ${{ steps.artifact.outputs.platforms }} | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| - | |
| name: Validate matrix | |
| id: validate | |
| uses: actions/github-script@v7 | |
| env: | |
| GOLANGCI_LINT_MULTIPLATFORM: 1 | |
| with: | |
| script: | | |
| let def = {}; | |
| await core.group(`Parsing definition`, async () => { | |
| const resPrint = await exec.getExecOutput('docker', ['buildx', 'bake', 'validate', '--print'], { | |
| ignoreReturnCode: true | |
| }); | |
| if (resPrint.stderr.length > 0 && resPrint.exitCode != 0) { | |
| throw new Error(res.stderr); | |
| } | |
| def = JSON.parse(resPrint.stdout.trim()); | |
| }); | |
| await core.group(`Generating matrix`, async () => { | |
| const includes = []; | |
| for (const targetName of Object.keys(def.target)) { | |
| const target = def.target[targetName]; | |
| if (target.platforms && target.platforms.length > 0) { | |
| target.platforms.forEach(platform => { | |
| includes.push({ | |
| target: targetName, | |
| platform: platform | |
| }); | |
| }); | |
| } else { | |
| includes.push({ | |
| target: targetName | |
| }); | |
| } | |
| } | |
| core.info(JSON.stringify(includes, null, 2)); | |
| core.setOutput('includes', JSON.stringify(includes)); | |
| }); | |
| - | |
| name: Artifact matrix | |
| id: artifact | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const targetName = 'artifact-all'; | |
| let def = {}; | |
| await core.group(`Parsing definition`, async () => { | |
| const resPrint = await exec.getExecOutput('docker', ['buildx', 'bake', targetName, '--print'], { | |
| ignoreReturnCode: true | |
| }); | |
| if (resPrint.stderr.length > 0 && resPrint.exitCode != 0) { | |
| throw new Error(res.stderr); | |
| } | |
| def = JSON.parse(resPrint.stdout.trim()); | |
| }); | |
| await core.group(`Generating matrix`, async () => { | |
| const platforms = def.target?.[targetName]?.platforms ?? []; | |
| if (platforms.length === 0) { | |
| throw new Error(`No platforms found for ${targetName} target`); | |
| } | |
| core.info(JSON.stringify(platforms, null, 2)); | |
| core.setOutput('platforms', JSON.stringify(platforms)); | |
| }); | |
| validate: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: ${{ fromJson(needs.prepare.outputs.validate-includes) }} | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - | |
| name: Validate | |
| uses: docker/bake-action@v6 | |
| with: | |
| source: . | |
| targets: ${{ matrix.target }} | |
| set: | | |
| *.platform=${{ matrix.platform }} | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - | |
| name: Test | |
| uses: docker/bake-action@v6 | |
| with: | |
| source: . | |
| targets: test | |
| pull: true | |
| - | |
| name: Upload coverage | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| directory: ${{ env.DESTDIR }}/coverage | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| govulncheck: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # same as global permission | |
| contents: read | |
| # required to write sarif report | |
| security-events: write | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - | |
| name: Run | |
| uses: docker/bake-action@v6 | |
| with: | |
| source: . | |
| targets: govulncheck | |
| env: | |
| GOVULNCHECK_FORMAT: sarif | |
| - | |
| name: Upload SARIF report | |
| if: ${{ github.ref == 'refs/heads/master' }} | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: ${{ env.DESTDIR }}/govulncheck.out | |
| artifact: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| - validate | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: ${{ fromJson(needs.prepare.outputs.artifact-platforms) }} | |
| steps: | |
| - | |
| name: Prepare | |
| run: | | |
| platform=${{ matrix.platform }} | |
| echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - | |
| name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - | |
| name: Build | |
| uses: docker/bake-action@v6 | |
| with: | |
| source: . | |
| targets: artifact | |
| provenance: mode=max | |
| sbom: true | |
| pull: true | |
| set: | | |
| *.platform=${{ matrix.platform }} | |
| - | |
| name: Rename provenance and sbom | |
| working-directory: ${{ env.DESTDIR }}/artifact | |
| run: | | |
| binname=$(find . -name 'diun_*') | |
| filename=$(basename "$binname" | sed -E 's/\.(tar\.gz|zip)$//') | |
| mv "provenance.json" "${filename}.provenance.json" | |
| mv "sbom-binary.spdx.json" "${filename}.sbom.json" | |
| find . -name 'sbom*.json' -exec rm {} \; | |
| - | |
| name: List artifacts | |
| run: | | |
| tree -nh ${{ env.DESTDIR }} | |
| - | |
| name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: diun-${{ env.PLATFORM_PAIR }} | |
| path: ${{ env.DESTDIR }} | |
| if-no-files-found: error | |
| release: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # required to create GitHub release | |
| contents: write | |
| needs: | |
| - artifact | |
| - test | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| - | |
| name: Download artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: ${{ env.DESTDIR }} | |
| pattern: diun-* | |
| merge-multiple: true | |
| - | |
| name: List artifacts | |
| run: | | |
| tree -nh ${{ env.DESTDIR }} | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - | |
| name: Build | |
| uses: docker/bake-action@v6 | |
| with: | |
| source: . | |
| targets: release | |
| provenance: false | |
| - | |
| name: GitHub Release | |
| uses: softprops/action-gh-release@v2 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| draft: true | |
| files: | | |
| ${{ env.DESTDIR }}/release/* | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| image: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # same as global permissions | |
| contents: read | |
| # required to push to GHCR | |
| packages: write | |
| needs: | |
| - artifact | |
| - test | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - | |
| name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ${{ env.DOCKERHUB_SLUG }} | |
| ${{ env.GHCR_SLUG }} | |
| tags: | | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=ref,event=pr | |
| type=edge | |
| labels: | | |
| org.opencontainers.image.title=Diun | |
| org.opencontainers.image.description=Docker image update notifier | |
| org.opencontainers.image.vendor=CrazyMax | |
| - | |
| name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - | |
| name: Login to DockerHub | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - | |
| name: Login to GHCR | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - | |
| name: Build | |
| uses: docker/bake-action@v6 | |
| with: | |
| source: . | |
| files: | | |
| ./docker-bake.hcl | |
| ${{ steps.meta.outputs.bake-file }} | |
| targets: image-all | |
| provenance: mode=max | |
| sbom: true | |
| pull: true | |
| push: ${{ github.event_name != 'pull_request' }} | |
| - | |
| name: Check manifest | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| docker buildx imagetools inspect ${{ env.DOCKERHUB_SLUG }}:${{ steps.meta.outputs.version }} | |
| docker buildx imagetools inspect ${{ env.GHCR_SLUG }}:${{ steps.meta.outputs.version }} | |
| - | |
| name: Inspect image | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| docker pull ${{ env.DOCKERHUB_SLUG }}:${{ steps.meta.outputs.version }} | |
| docker image inspect ${{ env.DOCKERHUB_SLUG }}:${{ steps.meta.outputs.version }} | |
| docker pull ${{ env.GHCR_SLUG }}:${{ steps.meta.outputs.version }} | |
| docker image inspect ${{ env.GHCR_SLUG }}:${{ steps.meta.outputs.version }} | |
| scout: | |
| runs-on: ubuntu-latest | |
| if: ${{ github.ref == 'refs/heads/master' }} | |
| permissions: | |
| # same as global permission | |
| contents: read | |
| # required to write sarif report | |
| security-events: write | |
| needs: | |
| - image | |
| steps: | |
| - | |
| name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - | |
| name: Scout | |
| id: scout | |
| uses: crazy-max/.github/.github/actions/docker-scout@ccae1c98f1237b5c19e4ef77ace44fa68b3bc7e4 | |
| with: | |
| version: ${{ env.SCOUT_VERSION }} | |
| format: sarif | |
| image: registry://${{ env.DOCKERHUB_SLUG }}:edge | |
| - | |
| name: Upload SARIF report | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: ${{ steps.scout.outputs.result-file }} |