ci: replace deprecated workflow syntax

Robert Kaussow 2024-10-27 21:30:12 +01:00
parent 91f47a04f8
commit 6de824dbe7
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
5 changed files with 42 additions and 61 deletions


@ -6,24 +6,30 @@ when:
- ${CI_REPO_DEFAULT_BRANCH} - ${CI_REPO_DEFAULT_BRANCH}
steps: steps:
dryrun: - name: security-build
image: quay.io/thegeeklab/wp-docker-buildx:5 image: quay.io/thegeeklab/wp-docker-buildx:5
settings: settings:
containerfile: Containerfile.multiarch containerfile: Containerfile.multiarch
dry_run: true output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
platforms:
- linux/amd64
- linux/arm64
- linux/arm/v7
- linux/arm/v6
provenance: false
repo: thegeeklab/${CI_REPO_NAME} repo: thegeeklab/${CI_REPO_NAME}
when:
- event: [pull_request]
publish-dockerhub: - name: security-scan
group: build image: docker.io/aquasec/trivy
depends_on: security-build
commands:
- trivy -v
- trivy image --input oci/${CI_REPO_NAME}
environment:
TRIVY_EXIT_CODE: "1"
TRIVY_IGNORE_UNFIXED: "true"
TRIVY_NO_PROGRESS: "true"
TRIVY_SEVERITY: HIGH,CRITICAL
TRIVY_TIMEOUT: 1m
TRIVY_DB_REPOSITORY: docker.io/aquasec/trivy-db:2
- name: publish-dockerhub
image: quay.io/thegeeklab/wp-docker-buildx:5 image: quay.io/thegeeklab/wp-docker-buildx:5
depends_on: [security-scan]
settings: settings:
auto_tag: true auto_tag: true
containerfile: Containerfile.multiarch containerfile: Containerfile.multiarch
@ -44,9 +50,9 @@ steps:
branch: branch:
- ${CI_REPO_DEFAULT_BRANCH} - ${CI_REPO_DEFAULT_BRANCH}
publish-quay: - name: publish-quay
group: build
image: quay.io/thegeeklab/wp-docker-buildx:5 image: quay.io/thegeeklab/wp-docker-buildx:5
depends_on: [security-scan]
settings: settings:
auto_tag: true auto_tag: true
containerfile: Containerfile.multiarch containerfile: Containerfile.multiarch
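Review bot: The new `security-scan` step in the first hunk pulls `docker.io/aquasec/trivy` with no tag, so the scanner that gates both publish steps floats with whatever the registry serves by default, while the build steps pin `wp-docker-buildx:5`; pin it, e.g. `image: docker.io/aquasec/trivy:<VERSION>` (placeholder, ideally with a digest). The scan reads the OCI layout written by `security-build`, but `publish-dockerhub` and `publish-quay` appear to build again from `Containerfile.multiarch`, so the pushed image is not necessarily the one that was scanned if a base image moves between the two builds. A comment on the step saying so, or reusing the scanned output, would make that gap explicit. `TRIVY_IGNORE_UNFIXED: "true"` also lets HIGH/CRITICAL findings without an upstream fix pass the gate silently, so a short comment such as `# unfixed findings are accepted on purpose; review periodically` would record the decision. Both publish steps continue outside the visible hunks.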


@ -6,19 +6,19 @@ when:
- ${CI_REPO_DEFAULT_BRANCH} - ${CI_REPO_DEFAULT_BRANCH}
steps: steps:
checksum: - name: checksum
image: quay.io/thegeeklab/alpine-tools image: quay.io/thegeeklab/alpine-tools
commands: commands:
- sha256sum wait-for > sha256sum.txt - sha256sum wait-for > sha256sum.txt
changelog: - name: changelog
image: quay.io/thegeeklab/git-sv image: quay.io/thegeeklab/git-sv
commands: commands:
- git sv current-version - git sv current-version
- git sv release-notes -t ${CI_COMMIT_TAG:-next} -o CHANGELOG.md - git sv release-notes -t ${CI_COMMIT_TAG:-next} -o CHANGELOG.md
- cat CHANGELOG.md - cat CHANGELOG.md
publish-github: - name: publish-github
image: docker.io/plugins/github-release image: docker.io/plugins/github-release
settings: settings:
api_key: api_key:


@ -6,12 +6,12 @@ when:
- ${CI_REPO_DEFAULT_BRANCH} - ${CI_REPO_DEFAULT_BRANCH}
steps: steps:
markdownlint: - name: markdownlint
image: quay.io/thegeeklab/markdownlint-cli image: quay.io/thegeeklab/markdownlint-cli
commands: commands:
- markdownlint 'README.md' 'CONTRIBUTING.md' - markdownlint 'README.md' 'CONTRIBUTING.md'
spellcheck: - name: spellcheck
image: quay.io/thegeeklab/alpine-tools image: quay.io/thegeeklab/alpine-tools
commands: commands:
- spellchecker --files 'README.md' 'CONTRIBUTING.md' -d .dictionary -p spell indefinite-article syntax-urls - spellchecker --files 'README.md' 'CONTRIBUTING.md' -d .dictionary -p spell indefinite-article syntax-urls
@ -19,16 +19,16 @@ steps:
FORCE_COLOR: "true" FORCE_COLOR: "true"
NPM_CONFIG_LOGLEVEL: "error" NPM_CONFIG_LOGLEVEL: "error"
pushrm-dockerhub: - name: pushrm-dockerhub
image: docker.io/chko/docker-pushrm:1 image: docker.io/chko/docker-pushrm:1
secrets: depends_on: [markdownlint, spellcheck]
- source: docker_password
target: DOCKER_PASS
- source: docker_username
target: DOCKER_USER
environment: environment:
DOCKER_PASS:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
PUSHRM_FILE: README.md PUSHRM_FILE: README.md
PUSHRM_SHORT: Poor-mans service synchronizer PUSHRM_SHORT: Retry any shell command
PUSHRM_TARGET: ${CI_REPO} PUSHRM_TARGET: ${CI_REPO}
when: when:
- event: [push, manual] - event: [push, manual]
@ -36,12 +36,12 @@ steps:
- ${CI_REPO_DEFAULT_BRANCH} - ${CI_REPO_DEFAULT_BRANCH}
status: [success] status: [success]
pushrm-quay: - name: pushrm-quay
image: docker.io/chko/docker-pushrm:1 image: docker.io/chko/docker-pushrm:1
secrets: depends_on: [markdownlint, spellcheck]
- source: quay_token
target: APIKEY__QUAY_IO
environment: environment:
APIKEY__QUAY_IO:
from_secret: quay_token
PUSHRM_FILE: README.md PUSHRM_FILE: README.md
PUSHRM_TARGET: quay.io/${CI_REPO} PUSHRM_TARGET: quay.io/${CI_REPO}
when: when:


@ -1,26 +0,0 @@
---
when:
- event: [tag]
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}
runs_on: [success, failure]
steps:
matrix:
image: quay.io/thegeeklab/wp-matrix
settings:
homeserver:
from_secret: matrix_homeserver
password:
from_secret: matrix_password
roomid:
from_secret: matrix_roomid
username:
from_secret: matrix_username
when:
- status: [success, failure]
depends_on:
- docs


@ -6,20 +6,21 @@ when:
- ${CI_REPO_DEFAULT_BRANCH} - ${CI_REPO_DEFAULT_BRANCH}
steps: steps:
lint: - name: lint
group: test
image: docker.io/koalaman/shellcheck-alpine:stable image: docker.io/koalaman/shellcheck-alpine:stable
depends_on: []
commands: commands:
- shellcheck ./wait-for - shellcheck ./wait-for
test-ncat: - name: test-ncat
group: test
image: docker.io/bats/bats image: docker.io/bats/bats
depends_on: []
commands: commands:
- bats ./wait-for.bats - bats ./wait-for.bats
test-bash: - name: test-bash
image: docker.io/bats/bats image: docker.io/bats/bats
depends_on: []
commands: commands:
- rm -rf /usr/bin/nc - rm -rf /usr/bin/nc
- bats ./wait-for.bats - bats ./wait-for.bats