ci: update repo flutter version after pushing new image #116
Workflow file for this run
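# Pull-request check for the container image: builds the `android` target into
# the runner's local Docker daemon, runs the structure tests against it and
# compares it with Docker Scout. Every action is pinned to a full commit SHA;
# the trailing comment records the release the SHA was taken from.
on:
  pull_request:
    paths:
      - .github/workflows/pr_image.yml
      - Dockerfile
      - config/version.json
      - script/docker-entrypoint.sh
      - script/set_environment_variables.sh
  workflow_dispatch:

jobs:
  test_image:
    # A job-level permissions block sets every scope that is not listed to
    # "none", so the read access needed by the checkout is granted explicitly.
    permissions:
      contents: read
      # Allow to write packages for the docker/scout-action to write a comment
      # NOTE(review): no step in this job pushes an image (the build uses
      # `load: true`); confirm whether `read` would be enough here.
      packages: write
      # Allow to write pull requests for the docker/scout-action to write a comment
      pull-requests: write
      # Allow to write security events for github/codeql-action/upload-sarif to upload SARIF results
      # NOTE(review): the upload-sarif step at the end of this job is commented
      # out, so this scope is unused until that step is enabled.
      security-events: write
    runs-on: ubuntu-22.04
    env:
      IMAGE_REPOSITORY_NAME: flutter-android
      VERSION_MANIFEST: config/version.json
    steps:
      - name: Checkout repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
        with:
          # Do not leave the job token in .git/config for the script and the
          # third-party actions that run afterwards.
          # NOTE(review): assumes script/set_environment_variables.sh performs
          # no authenticated git operation - confirm.
          persist-credentials: false

      # Repository secrets are not passed to runs triggered by pull requests
      # from forks, so this login is expected to fail for fork PRs.
      - name: Login to Docker Hub
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ github.token }}

      # The context value reaches the script through an environment variable
      # rather than being interpolated into the command line.
      # IMAGE_REPOSITORY_PATH, FLUTTER_VERSION, FASTLANE_VERSION and the
      # ANDROID_* variables used below are not defined in this file;
      # presumably this script exports them - verify against the script.
      - name: Read environment variables from version.json
        env:
          GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
        run: ./script/set_environment_variables.sh

      - name: Load image metadata
        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5
        id: metadata
        with:
          images: |
            ${{ env.IMAGE_REPOSITORY_PATH }}
            ghcr.io/${{ env.IMAGE_REPOSITORY_PATH }}
            quay.io/${{ env.IMAGE_REPOSITORY_PATH }}
          tags: |
            type=raw,value=${{ env.FLUTTER_VERSION }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3

      # `load: true` keeps the result in the local daemon; nothing is pushed
      # to a registry by this step.
      - name: Build image and push to local Docker daemon
        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
        with:
          load: true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          labels: ${{ steps.metadata.outputs.labels }}
          tags: ${{ steps.metadata.outputs.tags }}
          target: android
          build-args: |
            flutter_version=${{ env.FLUTTER_VERSION }}
            fastlane_version=${{ env.FASTLANE_VERSION }}
            android_build_tools_version=${{ env.ANDROID_BUILD_TOOLS_VERSION }}
            android_platform_versions=${{ env.ANDROID_PLATFORM_VERSIONS }}

      - name: Test image
        uses: plexsystems/container-structure-test-action@c0a028aa96e8e82ae35be556040340cbb3e280ca # v0.3.0
        with:
          image: ${{ fromJSON(steps.metadata.outputs.json).tags[0] }}
          config: test/android.yml

      # TODO: Parallelize testing and vulnerability scanning
      - name: Scan with Docker Scout
        id: docker-scout
        uses: docker/scout-action@e71a6e518e912cc9094cb8c89e29bb0dcef01668 # v1
        with:
          command: compare, recommendations
          # Use the Docker Hub image that is the first tag in the metadata
          image: local://${{ fromJSON(steps.metadata.outputs.json).tags[0] }}
          # github-token is needed to be able to write the PR comment
          github-token: ${{ github.token }}
          organization: ${{ secrets.DOCKER_HUB_USERNAME }}
          # sarif-file: output.sarif.json
          to-env: prod
          # Enable debug logging when needed
          # debug: true
          # verbose-debug: true

      # - name: Upload scan results to the GitHub Security tab
      #   uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3
      #   with:
      #     sarif_file: output.sarif.json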