Skip to content
---
#########################
#########################
## Deploy Docker Image ##
#########################
#########################
#
# Documentation:
# https://help.github.com/en/articles/workflow-syntax-for-github-actions
#
#######################################
# Start the job on all push to main #
#######################################
name: "Build & Deploy - RELEASE - Flavors"
on:
release:
# Want to run the automation when a release is created
types: ["created"]
paths:
- "Dockerfile"
- "megalinter/**"
- "flavors/**"
- "**/linter-versions.json"
- "**/.sh"
###############
# Set the Job #
###############
jobs:
build:
# Name the Job
name: Deploy Docker Image - RELEASE - Flavors
# Set the agent to run on
runs-on: ${{ matrix.os }}
permissions:
packages: write
environment:
name: release
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest]
# flavors-start
flavor:
[
"ci_light",
"cupcake",
"documentation",
"dotnet",
"dotnetweb",
"go",
"java",
"javascript",
"php",
"python",
"ruby",
"rust",
"salesforce",
"security",
"swift",
"terraform",
]
# flavors-end
if: github.repository == 'oxsecurity/megalinter' && !contains(github.event.head_commit.message, 'skip deploy')
##################
# Load all steps #
##################
steps:
##########################
# Checkout the code base #
##########################
- name: Checkout Code
uses: actions/checkout@v4
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Get current date
run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV}
- name: Build Image
uses: docker/build-push-action@v5
with:
context: .
file: Dockerfile-release
platforms: linux/amd64
build-args: |
MEGALINTER_BASE_IMAGE=docker.io/oxsecurity/megalinter-${{ matrix.flavor }}:beta
BUILD_DATE=${{ env.BUILD_DATE }}
BUILD_REVISION=${{ github.sha }}
BUILD_VERSION=${{ github.event.release.tag_name }}
load: false
push: true
secrets: |
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
tags: |
docker.io/oxsecurity/megalinter-${{ matrix.flavor }}:v7
docker.io/oxsecurity/megalinter-${{ matrix.flavor }}:${{ github.event.release.tag_name }}
docker.io/oxsecurity/megalinter-${{ matrix.flavor }}:latest
ghcr.io/oxsecurity/megalinter-${{ matrix.flavor }}:v7
ghcr.io/oxsecurity/megalinter-${{ matrix.flavor }}:${{ github.event.release.tag_name }}
ghcr.io/oxsecurity/megalinter-${{ matrix.flavor }}:latest
- name: Build Worker Image
uses: docker/build-push-action@v5
with:
context: .
file: Dockerfile-release
platforms: linux/amd64
build-args: |
MEGALINTER_BASE_IMAGE=docker.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:beta
BUILD_DATE=${{ env.BUILD_DATE }}
BUILD_REVISION=${{ github.sha }}
BUILD_VERSION=${{ github.event.release.tag_name }}
load: false
push: true
secrets: |
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
tags: |
docker.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:v7
docker.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:${{ github.event.release.tag_name }}
docker.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:latest
ghcr.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:v7
ghcr.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:${{ github.event.release.tag_name }}
ghcr.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:latest
##############################################
# Check Docker image security with Trivy #
##############################################
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/oxsecurity/megalinter-${{ matrix.flavor }}:${{ github.event.release.tag_name }}'
format: 'table'
exit-code: '1'
ignore-unfixed: true
scanners: vuln
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
timeout: 10m0s