Merge branch 'master' into dependabot/maven/org.openrewrite.recipe-re… #1674

Workflow file for this run

.github/workflows/docker-publish.yml at 86986f4

	name: Build and publish Docker images

	on:
	push:
	branches: [ "**" ]
	paths-ignore:
	- "Website/**"
	- "*.md"
	pull_request_target:
	paths-ignore:
	- "Website/**"
	- "*.md"
	workflow_dispatch:

	env:
	REGISTRY: ghcr.io

	jobs:
	build:
	runs-on: "ubuntu-latest"
	if: github.repository == 'SaptarshiSarkar12/Drifty'
	strategy:
	matrix:
	docker_context: [CLI, GUI]
	image_name: [ drifty-cli, drifty-gui ]
	exclude:
	- docker_context: CLI
	image_name: drifty-gui
	- docker_context: GUI
	image_name: drifty-cli
	fail-fast: false
	permissions:
	contents: read
	packages: write
	security-events: write
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	with:
	ref: ${{ github.event.pull_request.head.sha }}
	- name: Get Drifty version
	run: echo "VERSION=$(jq .version version.json \| sed -r 's/"//g')" >> $GITHUB_ENV
	- name: Split up Version into semantic parts
	run: \|
	echo "VERSION_NUMBER=$(echo $VERSION \| cut -d '-' -f1)" >> $GITHUB_ENV
	if [[ $VERSION == - ]]; then
	RELEASE_STAGE_SHORT=$(echo $VERSION \| cut -d '-' -f2 \| cut -d '.' -f1)
	REVISION_NUMBER=$(echo $VERSION \| cut -d '-' -f2 \| cut -d '.' -f2)
	else
	RELEASE_STAGE_SHORT="Stable"
	REVISION_NUMBER=0
	fi
	echo "RELEASE_STAGE_SHORT=$RELEASE_STAGE_SHORT" >> $GITHUB_ENV
	echo "REVISION_NUMBER=$REVISION_NUMBER" >> $GITHUB_ENV
	if [[ $RELEASE_STAGE_SHORT == "alpha" ]]; then
	echo "RELEASE_STAGE=Alpha" >> $GITHUB_ENV
	elif [[ $RELEASE_STAGE_SHORT == "beta" ]]; then
	echo "RELEASE_STAGE=Beta" >> $GITHUB_ENV
	elif [[ $RELEASE_STAGE_SHORT == "rc" ]]; then
	echo "RELEASE_STAGE=Release Candidate" >> $GITHUB_ENV
	else
	echo "RELEASE_STAGE=Stable" >> $GITHUB_ENV
	fi
	- name: Update system packages
	if: matrix.docker_context == 'GUI'
	run: sudo apt-get update
	- name: Install build dependencies
	if: matrix.docker_context == 'GUI'
	run: \|
	sudo apt-get install libasound2-dev libavcodec-dev libavformat-dev libavutil-dev libfreetype6-dev
	sudo apt-get install libgl-dev libglib2.0-dev libgtk-3-dev libpango1.0-dev libx11-dev libxtst-dev zlib1g-dev
	- name: Update yt-dlp
	if: ${{ github.event_name != 'pull_request_target' && github.repository == 'SaptarshiSarkar12/Drifty' && !contains(github.ref_name, 'dependabot') }}
	run: \|
	chmod +x Core/src/main/resources/yt-dlp
	Core/src/main/resources/yt-dlp -U
	- name: Set up GraalVM JDK 21
	uses: graalvm/setup-graalvm@v1
	with:
	java-version: '21'
	distribution: 'graalvm'
	github-token: ${{ secrets.GITHUB_TOKEN }}
	set-java-home: true
	cache: 'maven'
	- name: Package Drifty CLI with GraalVM
	if: matrix.docker_context == 'CLI'
	run: mvn -P build-drifty-cli-for-ubuntu-latest package
	- name: Set Up Maven version 3.8.8 # For GUI build issues, maven version 3.8.8 needs to be used
	if: matrix.docker_context == 'GUI'
	uses: stCarolas/setup-maven@v5
	with:
	maven-version: 3.8.8
	- name: Build platform-specific C object for missing jdk libraries
	if: matrix.docker_context == 'GUI'
	run: gcc -c config/missing_symbols.c -o config/missing_symbols-ubuntu-latest.o
	- name: Install dependency modules for GUI
	if: matrix.docker_context == 'GUI'
	run: mvn -U clean install
	- name: Package Drifty GUI with GraalVM
	if: matrix.docker_context == 'GUI'
	run: mvn -P build-drifty-gui-for-ubuntu-latest gluonfx:build gluonfx:package -rf :GUI
	- name: Categorise build artifacts for CLI
	if: matrix.docker_context == 'CLI'
	run: \|
	mkdir build
	mkdir build/CLI
	mv "CLI/target/CLI/linux/Drifty CLI" "CLI/target/CLI/linux/Drifty_CLI"
	mv "CLI/target/CLI/linux/Drifty_CLI" -t build/CLI
	- name: Categorise build artifacts for GUI
	if: matrix.docker_context == 'GUI'
	run: \|
	mkdir build
	mkdir build/GUI
	mv "GUI/target/gluonfx/x86_64-linux/Drifty GUI" "GUI/target/gluonfx/x86_64-linux/Drifty_GUI"
	mv "GUI/target/gluonfx/x86_64-linux/Drifty_GUI" -t build/GUI

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	# Set up BuildKit Docker container builder to be able to build
	# multi-platform images and export cache
	# https://github.com/docker/setup-buildx-action
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3.6.1

	# Login to GitHub Container Registry
	# https://github.com/docker/login-action
	- name: Log into registry
	uses: docker/login-action@v3.3.0
	if: github.event_name != 'pull_request_target'
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	# Extract metadata (tags, labels) for Docker
	# https://github.com/docker/metadata-action
	- name: Extract Docker metadata
	id: meta
	uses: docker/metadata-action@v5.5.1
	with:
	images: \|
	${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ matrix.image_name }}
	tags: \|
	type=ref,event=branch
	type=ref,event=pr
	type=raw,value=alpha,enable=${{ env.RELEASE_STAGE == 'Alpha' && github.event_name == 'workflow_dispatch' && github.repository == 'SaptarshiSarkar12/Drifty' && github.ref_name == 'master' }}
	type=raw,value=beta,enable=${{ env.RELEASE_STAGE == 'Beta' && github.event_name == 'workflow_dispatch' && github.repository == 'SaptarshiSarkar12/Drifty' && github.ref_name == 'master' }}
	type=raw,value=rc,enable=${{ env.RELEASE_STAGE == 'Release Candidate' && github.event_name == 'workflow_dispatch' && github.repository == 'SaptarshiSarkar12/Drifty' && github.ref_name == 'master' }}
	type=raw,value=latest,enable=${{ env.RELEASE_STAGE == 'Stable' && github.event_name == 'workflow_dispatch' && github.repository == 'SaptarshiSarkar12/Drifty' && github.ref_name == 'master' }}
	type=raw,value=${{ env.VERSION }},enable=${{ github.event_name == 'workflow_dispatch' && github.repository == 'SaptarshiSarkar12/Drifty' && github.ref_name == 'master' }}
	type=raw,value=${{ env.VERSION_NUMBER }}-${{ env.RELEASE_STAGE_SHORT }},enable=${{ env.RELEASE_STAGE != 'Stable' && github.event_name == 'workflow_dispatch' && github.repository == 'SaptarshiSarkar12/Drifty' && github.ref_name == 'master' }}
	type=sha
	flavor: \|
	latest=false

	- name: Set Image Description prefix
	run: \|
	if ${{ github.event_name == 'workflow_dispatch' && github.repository == 'SaptarshiSarkar12/Drifty' && github.ref_name == 'master' }}; then
	echo "IMAGE_DESCRIPTION_PREFIX=The ${{ env.RELEASE_STAGE }}" >> $GITHUB_ENV
	elif ${{ github.event_name == 'push' && github.repository == 'SaptarshiSarkar12/Drifty' }}; then
	echo "IMAGE_DESCRIPTION_PREFIX=The Branch Preview" >> $GITHUB_ENV
	else
	echo "IMAGE_DESCRIPTION_PREFIX=The" >> $GITHUB_ENV
	fi
	- name: Pull runtime os image # to patch vulnerabilities
	run: docker pull oraclelinux:9-slim
	- name: Build latest version of Copa # to support Oracle Linux yum packages
	run: \|
	git clone https://github.com/project-copacetic/copacetic
	cd copacetic
	make
	sudo mv dist/linux_amd64/release/copa /usr/local/bin/
	- name: Run Copa to patch vulnerabilities
	continue-on-error: true # to handle cases where the image does not have vulnerabilities
	uses: nick-fields/retry@v3 # Retry action to handle network issues
	with:
	timeout_minutes: 15
	max_attempts: 3
	retry_on: error
	command: \|
	docker run --detach --rm --privileged --name buildkitd --entrypoint buildkitd moby/buildkit:latest
	copa patch -i oraclelinux:9-slim -t 9-slim --addr docker-container://buildkitd --timeout 10m
	retry_wait_seconds: '10'
	on_retry_command: \|
	docker stop buildkitd
	# Build and push Docker image with Buildx (don't push on PR and branches created by Dependabot)
	# https://github.com/docker/build-push-action
	- name: Build and push Docker image
	id: build-and-push
	uses: docker/build-push-action@v6.7.0
	with:
	context: build/${{ matrix.docker_context }}
	push: ${{ github.event_name != 'pull_request_target' && github.repository == 'SaptarshiSarkar12/Drifty' && !contains(github.ref_name, 'dependabot') }}
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	cache-from: type=gha
	cache-to: type=gha,mode=max
	file: Docker/prod/${{ matrix.docker_context }}/Dockerfile
	platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6
	outputs: "type=image,name=target,\
	annotation-index.org.opencontainers.image.source=https://github.com/SaptarshiSarkar12/Drifty,\
	annotation-index.org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION_PREFIX }} docker image for Drifty ${{ matrix.docker_context }},\
	annotation-index.org.opencontainers.image.licenses=Apache-2.0"

	- name: Build same image with different name # cached build, so, will be faster, and it will be used for security scan
	run: docker build -t ${{ matrix.image_name }} -f Docker/prod/${{ matrix.docker_context }}/Dockerfile build/${{ matrix.docker_context }}

	- name: Run Trivy security scan
	uses: aquasecurity/trivy-action@0.24.0
	continue-on-error: true
	with:
	image-ref: ${{ matrix.image_name }}
	format: 'sarif'
	exit-code: 1
	vuln-type: os,library
	ignore-unfixed: true
	output: 'trivy-report.sarif'
	hide-progress: false
	scanners: vuln,secret,misconfig

	- name: Upload Trivy security scan results
	uses: github/codeql-action/upload-sarif@main
	with:
	sarif_file: trivy-report.sarif

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge branch 'master' into dependabot/maven/org.openrewrite.recipe-re… #1674

Workflow file

Merge branch 'master' into dependabot/maven/org.openrewrite.recipe-re… #1674

Jobs

Run details

Workflow file for this run