Skip to content

Merge pull request #354 from niepi/release/8.1-version-upgrades #478

Merge pull request #354 from niepi/release/8.1-version-upgrades

Merge pull request #354 from niepi/release/8.1-version-upgrades #478

Workflow file for this run

name: CI
on:
push:
branches:
- 'release/**'
pull_request:
env:
ALIAS_VERSION: '8.1'
VERSION_FOR_ALIAS: '8.1.30'
jobs:
ci:
name: Build PHP ${{ matrix.php-version }}
runs-on: ubuntu-latest
continue-on-error: true
strategy:
matrix:
php-version:
- '8.1.30'
- '8.1.29'
- '8.1.28'
- '8.1.27'
- '8.1.26'
- '8.1.25'
- '8.1.24'
- '8.1.23'
- '8.1.22'
- '8.1.21'
- '8.1.20'
- '8.1.19'
- '8.1.18'
- '8.1.17'
- '8.1.16'
- '8.1.15'
- '8.1.14'
- '8.1.13'
- '8.1.12'
- '8.1.11'
- '8.1.10'
- '8.1.9'
- '8.1.8'
- '8.1.7'
- '8.1.6'
- '8.1.5'
- '8.1.4'
- '8.1.3'
- '8.1.1'
- '8.1.0'
steps:
- name: "Checkout code"
uses: actions/checkout@v2
- name: "Build Alpine"
run: ./build_alpine_version.sh ${{ matrix.php-version }}
- name: "Check Alpine -i"
run: docker run --rm -t exozet/php-fpm:${{ matrix.php-version }}-alpine php -i
- name: "Check Alpine -v"
run: docker run --rm -t exozet/php-fpm:${{ matrix.php-version }}-alpine php -v
- name: "Build standard"
run: ./build_version.sh ${{ matrix.php-version }}
- name: "Check Standard -i"
run: docker run --rm -t exozet/php-fpm:${{ matrix.php-version }} php -i
- name: "Check Standard -v"
run: docker run --rm -t exozet/php-fpm:${{ matrix.php-version }} php -v
- name: Run Alpine Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'exozet/php-fpm:${{ matrix.php-version }}-alpine'
format: 'table'
exit-code: '0' # we don't break the build if vulnerabilities are included!
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
- if: contains(github.ref, 'refs/heads/release/') && matrix.php-version == env.VERSION_FOR_ALIAS
name: Run Alpine Trivy vulnerability scanner and upload to github security tab
uses: aquasecurity/trivy-action@master
with:
image-ref: 'exozet/php-fpm:${{ matrix.php-version }}-alpine'
format: 'sarif'
output: 'trivy-results.sarif'
- if: contains(github.ref, 'refs/heads/release/') && matrix.php-version == env.VERSION_FOR_ALIAS
name: Upload Alpine Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: 'trivy-results.sarif'
- if: contains(github.ref, 'refs/heads/release/')
name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- if: contains(github.ref, 'refs/heads/release/')
name: Login to Quay.io
uses: docker/login-action@v1
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }}
- if: contains(github.ref, 'refs/heads/release/') && matrix.php-version == env.VERSION_FOR_ALIAS
name: "Push PHP ${{ matrix.php-version }} and for version alias ${{ env.ALIAS_VERSION }}"
run: ./push_version.sh ${{ matrix.php-version }} ${{ env.ALIAS_VERSION }}
- if: contains(github.ref, 'refs/heads/release/') && matrix.php-version != env.VERSION_FOR_ALIAS
name: "Push PHP ${{ matrix.php-version }}"
run: ./push_version.sh ${{ matrix.php-version }}