strict mode
This commit is contained in:
Foat Akhmadeev
parent
33cbbea332
commit
336a9290bb
3 changed files with 43 additions and 45 deletions
12
.github/workflows/verify.yml
vendored
12
.github/workflows/verify.yml
vendored
|
|
@ -34,14 +34,12 @@ jobs:
|
||||||
login_registry: ghcr.io
|
login_registry: ghcr.io
|
||||||
login_username: ${{ github.actor }}
|
login_username: ${{ github.actor }}
|
||||||
login_password: ${{ secrets.GITHUB_TOKEN }}
|
login_password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
tags: |
|
tags: ghcr.io/frozen-tapestry/podman-action-verify:latest
|
||||||
ghcr.io/frozen-tapestry/podman-action-verify:latest
|
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
build_args: |
|
build_args: MY_ENV_VAR=Test MY_ENV_VAR2=Test2
|
||||||
MY_ENV_VAR=Test
|
security: |
|
||||||
MY_ENV_VAR2=Test2
|
--security-opt=seccomp=unconfined
|
||||||
security:
|
--security-opt=apparmor=unconfined
|
||||||
--security-opt seccomp=unconfined --security-opt apparmor=unconfined
|
|
||||||
push: true
|
push: true
|
||||||
- name: Run Docker container and verify output
|
- name: Run Docker container and verify output
|
||||||
id: verify-output
|
id: verify-output
|
||||||
|
|
|
||||||
56
action.yml
56
action.yml
|
|
@ -16,19 +16,22 @@ inputs:
|
||||||
required: false
|
required: false
|
||||||
tags:
|
tags:
|
||||||
description: |
|
description: |
|
||||||
Tag of the image (space-separated or newline-separated).
|
Tags for the image. Space-separated. e.g.
|
||||||
e.g. quay.io/podman/stable:latest
|
quay.io/podman/stable:latest quay.io/podman/stable:nightly
|
||||||
required: false
|
required: false
|
||||||
labels:
|
labels:
|
||||||
description: List of additional metadata for an image (space-separated or newline-separated).
|
description: |
|
||||||
|
List of additional metadata for an image. Space-separated.
|
||||||
required: false
|
required: false
|
||||||
build_args:
|
build_args:
|
||||||
description: Optional build arguments (space-separated or newline-separated).
|
description: |
|
||||||
|
Optional build arguments. Space-separated. e.g.
|
||||||
|
MY_ENV_VAR=Test MY_ENV_VAR2=Test2
|
||||||
required: false
|
required: false
|
||||||
extra_args:
|
extra_args:
|
||||||
description: |
|
description: |
|
||||||
Extra args to be passed to podman bud.
|
Extra args to be passed to podman. Space-separated. e.g.
|
||||||
Separate arguments by newline.
|
-e=MY_ENV=Test -e=MY_ENV=Test2
|
||||||
required: false
|
required: false
|
||||||
dockerfile:
|
dockerfile:
|
||||||
description: Path to the Dockerfile. If set, build step is performed.
|
description: Path to the Dockerfile. If set, build step is performed.
|
||||||
|
|
@ -44,22 +47,13 @@ inputs:
|
||||||
default: '/tmp/shared'
|
default: '/tmp/shared'
|
||||||
required: false
|
required: false
|
||||||
security:
|
security:
|
||||||
description: Security flags that are used for an intermediate container. Space separated.
|
description: Security flags that are used for an intermediate container. New line separated.
|
||||||
default: '--network=host'
|
default: '--network=host'
|
||||||
required: false
|
required: false
|
||||||
|
|
||||||
runs:
|
runs:
|
||||||
using: composite
|
using: composite
|
||||||
steps:
|
steps:
|
||||||
- name: Convert composite args
|
|
||||||
id: convert
|
|
||||||
shell: bash
|
|
||||||
run: |
|
|
||||||
echo tags=$(echo "${{ inputs.tags }}" | xargs echo -n | tr -s ' \n' '+') >> $GITHUB_OUTPUT
|
|
||||||
echo labels=$(echo "${{ inputs.labels }}" | xargs echo -n | tr -s ' \n' '+') >> $GITHUB_OUTPUT
|
|
||||||
echo build_args=$(echo "${{ inputs.build_args }}" | xargs echo -n | tr -s ' \n' '+') >> $GITHUB_OUTPUT
|
|
||||||
echo extra_args=$(echo "${{ inputs.extra_args }}" | xargs echo -n | tr -s ' \n' '+') >> $GITHUB_OUTPUT
|
|
||||||
|
|
||||||
- name: Run container steps
|
- name: Run container steps
|
||||||
uses: frozen-tapestry/docker-run-action@v5p
|
uses: frozen-tapestry/docker-run-action@v5p
|
||||||
with:
|
with:
|
||||||
|
|
@ -67,19 +61,19 @@ runs:
|
||||||
mount_ws: true
|
mount_ws: true
|
||||||
options: |
|
options: |
|
||||||
${{ inputs.security }}
|
${{ inputs.security }}
|
||||||
-v ${{ inputs.shared_path }}/auth:/etc/containers/auth
|
-v=${{ inputs.shared_path }}/auth:/etc/containers/auth
|
||||||
-v ${{ inputs.shared_path }}/storage:/var/lib/containers/storage
|
-v=${{ inputs.shared_path }}/storage:/var/lib/containers/storage
|
||||||
-v ${{ github.action_path }}/scripts:/scripts
|
-v=${{ github.action_path }}/scripts:/scripts
|
||||||
-e REGISTRY_AUTH_FILE=/etc/containers/auth/auth.json
|
-e=REGISTRY_AUTH_FILE=/etc/containers/auth/auth.json
|
||||||
-e REGISTRY=${{ inputs.login_registry }}
|
-e=REGISTRY=${{ inputs.login_registry }}
|
||||||
-e USERNAME=${{ inputs.login_username }}
|
-e=USERNAME=${{ inputs.login_username }}
|
||||||
-e PASSWORD=${{ inputs.login_password }}
|
-e=PASSWORD=${{ inputs.login_password }}
|
||||||
-e ACTION_TAGS=${{ steps.convert.outputs.tags }}
|
-e=ACTION_TAGS=${{ steps.convert.outputs.tags }}
|
||||||
-e ACTION_LABELS=${{ steps.convert.outputs.labels }}
|
-e=ACTION_LABELS=${{ steps.convert.outputs.labels }}
|
||||||
-e ACTION_BUILD_ARGS=${{ steps.convert.outputs.build_args }}
|
-e=ACTION_BUILD_ARGS=${{ steps.convert.outputs.build_args }}
|
||||||
-e ACTION_EXTRA_ARGS=${{ steps.convert.outputs.extra_args }}
|
-e=ACTION_EXTRA_ARGS=${{ steps.convert.outputs.extra_args }}
|
||||||
-e DOCKERFILE=${{ inputs.dockerfile }}
|
-e=DOCKERFILE=${{ inputs.dockerfile }}
|
||||||
-e REVISION=${{ github.sha }}
|
-e=REVISION=${{ github.sha }}
|
||||||
-e SOURCE=${{ github.server_url }}/${{ github.repository }}
|
-e=SOURCE=${{ github.server_url }}/${{ github.repository }}
|
||||||
-e PUSH=${{ inputs.push }}
|
-e=PUSH=${{ inputs.push }}
|
||||||
run: /bin/bash /scripts/run.sh
|
run: /bin/bash /scripts/run.sh
|
||||||
|
|
@ -1,10 +1,16 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
IFS=$'\n\t '
|
IFS=$'\n\t'
|
||||||
|
|
||||||
|
REGISTRY=${REGISTRY:-}
|
||||||
|
USERNAME=${USERNAME:-}
|
||||||
|
PASSWORD=${PASSWORD:-}
|
||||||
|
DOCKERFILE=${DOCKERFILE:-}
|
||||||
|
PUSH=${PUSH:-}
|
||||||
|
|
||||||
### LOGIN
|
### LOGIN
|
||||||
if [[ -n "$REGISTRY" && -n "$USERNAME" && -n "$PASSWORD" ]]; then
|
if [[ -n "$REGISTRY" && -n "$USERNAME" && -n "$PASSWORD" ]]; then
|
||||||
buildah login --storage-driver=overlay2 $REGISTRY -u $USERNAME -p $PASSWORD
|
buildah login --storage-driver=overlay2 "$REGISTRY" -u "$USERNAME" -p "$PASSWORD"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
generate_args() {
|
generate_args() {
|
||||||
|
|
@ -12,8 +18,8 @@ generate_args() {
|
||||||
local prefix="$2"
|
local prefix="$2"
|
||||||
local output=""
|
local output=""
|
||||||
|
|
||||||
if [ -n "$input_args" ]; then
|
if [[ -n "$input_args" ]]; then
|
||||||
output="$(echo "$input_args" | tr -s '+' ' ' | sed "s/[^ ]* */$prefix &/g")"
|
output="$(echo "$input_args" | tr -s ' ' '\n' | sed "s/[^ ]* */$prefix&/g")"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "$output"
|
echo "$output"
|
||||||
|
|
@ -27,11 +33,11 @@ if [[ -n "$DOCKERFILE" ]]; then
|
||||||
|
|
||||||
echo "Main labels: $CREATED $REVISION $SOURCE"
|
echo "Main labels: $CREATED $REVISION $SOURCE"
|
||||||
|
|
||||||
TAGS=$(generate_args "$ACTION_TAGS" "-t")
|
TAGS=$(generate_args "$ACTION_TAGS" "-t=")
|
||||||
echo "Tags: $TAGS"
|
echo "Tags: $TAGS"
|
||||||
LABELS=$(generate_args "$ACTION_LABELS" "--label")
|
LABELS=$(generate_args "$ACTION_LABELS" "--label=")
|
||||||
echo "Labels: $LABELS"
|
echo "Labels: $LABELS"
|
||||||
BUILD_ARGS=$(generate_args "$ACTION_BUILD_ARGS" "--build-arg")
|
BUILD_ARGS=$(generate_args "$ACTION_BUILD_ARGS" "--build-arg=")
|
||||||
echo "Build args: $BUILD_ARGS"
|
echo "Build args: $BUILD_ARGS"
|
||||||
EXTRA_ARGS=$(generate_args "$ACTION_EXTRA_ARGS" "")
|
EXTRA_ARGS=$(generate_args "$ACTION_EXTRA_ARGS" "")
|
||||||
echo "Extra args: $EXTRA_ARGS"
|
echo "Extra args: $EXTRA_ARGS"
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue