martialblog/docker-limesurvey

CI Checklist for GitHub Actions

jacksgt opened this issue · 10 comments

Originally posted by @martialblog in #68 (comment)

What I currently imagine for the CI is this:

  • hadolint runs on all branches/PR
  • Images are built on all branches/PR
  • Container structure tests on all branches/PR
  • Trivy Scan on Tags (report as artifact) (see #67)
  • Push on Tags

This could also utilize an external build cache for the image build, see docker-build action.

@jacksgt I just merged your Branch. Thanks again for the great work!

I already added hadolint Jobs. Next will be structure tests and trivy scan.

Cheers
Markus

Why do I think that this Error: invalid tag "docker.io/***/limesurvey:5.0.4+210614-apache" is because the Secret DOCKER_USERNAME is replaced with *** ?

Haha, hunter2 strikes again.
The DOCKER_USERNAME is replaced before logging the output, but not before execution.
But that is not the problem.
The issue is the + in the tag.

Ah ok NOW I see what you meant. Hm that's unfortunate... I gotta update the update.sh then, cause I simply used the LS Tags.

😅

I mean, we could also add another build step that string-replaces + with _ automatically (so we get the same behavior as before).
But IMO, it was already kind of weird that the Git tag (on GitHub) is 5.0.3+foobar but the tag on DockerHub is 5.0.3_foobar (apparently DockerHub did this automatically?).
At least now it will be consistent :-)

I totally agree with + Tags being strange. I just used 'em because I wanted the users to have the same schema as the LS Tags.

Dashes are fine, everybody loves dashes... except Python Modules... and Yaml Keys. But those are barely used in OSS.
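The string-replace build step discussed above, as an added example that is not part of the original thread or the project's CI. The function names `is_valid_docker_tag` and `git_tag_to_docker_tag` are hypothetical. The check follows the Docker tag grammar: one character from `[A-Za-z0-9_]`, then up to 127 from `[A-Za-z0-9_.-]`.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the project.
# Force the C locale so bracket ranges match ASCII only and ${#var} counts bytes.
LC_ALL=C
export LC_ALL

# Return 0 if $1 is a valid Docker tag:
#   first character [A-Za-z0-9_], then up to 127 of [A-Za-z0-9_.-]
is_valid_docker_tag() {
    tag=$1
    [ -n "$tag" ] || return 1
    [ "${#tag}" -le 128 ] || return 1
    case $tag in
        [!A-Za-z0-9_]*)    return 1 ;;  # leading '.', '-' or other character
        *[!A-Za-z0-9_.-]*) return 1 ;;  # '+', '/', whitespace, newline, ...
    esac
    return 0
}

# Convert a Git tag such as 5.0.4+210614-apache into a Docker tag.
#   $1: Git tag
#   $2: replacement for '+' (defaults to '_'; pass '-' for dashes)
# Prints the converted tag, or fails instead of handing a bad tag to docker.
git_tag_to_docker_tag() {
    sep=${2:-_}
    converted=$(printf '%s' "$1" | tr '+' "$sep")
    if is_valid_docker_tag "$converted"; then
        printf '%s\n' "$converted"
    else
        printf 'refusing invalid Docker tag: %s\n' "$converted" >&2
        return 1
    fi
}
```

Running the conversion before the build step makes a bad tag fail early with the offending value in the message, rather than surfacing later as an image reference with the masked username in it.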

I think we're good? Are we good? Anything else?

Caching is still missing, but we can open a separate issue for that and attach to the GHA milestone.

Yes I agree. Could take a while until the kinks are fixed upstream.