paspo/docker-smtp-relay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases Activity

switched from drone to gitea actions
Some checks failed
Container Publish / on-success-skip (push) Has been skipped
Details
Container Publish / build-image (arm64) (push) Successful in 11s
Details
Container Publish / build-image (amd64) (push) Successful in 25s
Details
Container Publish / update docker manifest (push) Successful in 9s
Details
Vulnerability Scan / Daily Vulnerability Scan (arm64) (push) Failing after 5s
Details
Vulnerability Scan / Daily Vulnerability Scan (amd64) (push) Failing after 6s
Details

Browse Source
This commit is contained in:
Paolo Asperti
2025-06-12 07:20:33 +02:00
parent f5d3ed6cbb
commit cb0f911138
4 changed files with 90 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
.drone.yml
View File

@@ -1,105 +0,0 @@
---
kind: pipeline
type: docker
name: linux-amd64
platform:
arch: amd64
os: linux
steps:
- name: build
image: plugins/docker:linux-amd64
settings:
dockerfile: Dockerfile
dry_run: true
repo: docker.asperti.com/paspo/smtp-relay
when:
event:
- push
- name: build_and_publish
image: plugins/docker:linux-amd64
settings:
dockerfile: Dockerfile
force_tag: true
password:
from_secret: docker_password
registry: docker.asperti.com
repo: docker.asperti.com/paspo/smtp-relay
squash: true
username:
from_secret: docker_username
tags:
- latest-amd64
when:
event:
- tag
- cron
---
kind: pipeline
type: docker
name: linux-arm64
platform:
arch: arm64
os: linux
steps:
- name: build
image: plugins/docker:linux-arm64
settings:
dockerfile: Dockerfile
dry_run: true
repo: docker.asperti.com/paspo/smtp-relay
when:
event:
- push
- name: build_and_publish
image: plugins/docker:linux-arm64
settings:
dockerfile: Dockerfile
force_tag: true
password:
from_secret: docker_password
registry: docker.asperti.com
repo: docker.asperti.com/paspo/smtp-relay
squash: true
username:
from_secret: docker_username
tags:
- latest-arm64
when:
event:
- tag
- cron
---
kind: pipeline
type: docker
name: manifest
steps:
- name: manifest
image: plugins/manifest
settings:
force_tag: true
ignore_missing: true
spec: manifest.tmpl
username:
from_secret: docker_username
password:
from_secret: docker_password
tags:
- latest
trigger:
event:
- tag
- cron
depends_on:
- linux-amd64
- linux-arm64

75
.gitea/workflows/build_and_publish.yaml Normal file
View File

@@ -0,0 +1,75 @@
---
name: Container Publish
env:
REGISTRY: docker.asperti.com
REPOSITORY: paspo/smtp-relay
on:
push:
tags:
- '*'
schedule:
- cron: "0 12 3 * *"
workflow_dispatch:
workflow_call:
workflow_run:
workflows: [vulnscan.yaml]
types: [completed]
jobs:
on-success-skip:
runs-on:
labels: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' }}
steps:
- run: exit_with_success
build-image:
runs-on:
labels: [ubuntu-latest, "arch-${{ matrix.arch }}"]
container:
image: catthehacker/ubuntu:act-latest
strategy:
matrix:
arch: [amd64, arm64]
steps:
- uses: actions/checkout@v4
- name: Login to registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Build and publish
run: |
docker build \
--tag ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-${{ matrix.arch }} \
--platform linux/${{ matrix.arch }} -f Dockerfile .
docker push ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-${{ matrix.arch }}
manifest:
name: update docker manifest
needs: build-image
runs-on: ubuntu-latest
container:
image: catthehacker/ubuntu:act-latest
steps:
- name: Login to registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: latest
run: |
docker manifest create \
${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest \
--amend ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-amd64 \
--amend ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-arm64
docker manifest push ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest

18
.gitea/workflows/vulnscan.yaml
View File

@@ -1,21 +1,33 @@
--- ---
name: Vulnerability Scan name: Vulnerability Scan
env:
REGISTRY: docker.asperti.com
REPOSITORY: paspo/smtp-relay
on: on:
schedule: schedule:
- cron: "0 14 * * *" - cron: "0 14 * * *"
workflow_dispatch: workflow_dispatch:
workflow_call:
workflow_run:
workflows: [build_and_publish.yaml]
types: [completed]
jobs: jobs:
scan: scan:
name: Daily Vulnerability Scan name: Daily Vulnerability Scan
runs-on: ubuntu-latest runs-on:
labels: [ubuntu-latest, "arch-${{ matrix.arch }}"]
container: container:
image: catthehacker/ubuntu:act-latest image: catthehacker/ubuntu:act-latest
strategy:
matrix:
arch: [amd64, arm64]
steps: steps:
- name: Pull docker image - name: Pull docker image
run: docker pull docker.asperti.com/paspo/smtp-relay:latest run: docker pull ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest
- name: Setup trivy - name: Setup trivy
run: | run: |
@@ -32,7 +44,7 @@ jobs:
- name: Run Trivy vulnerability scanner - name: Run Trivy vulnerability scanner
id: scan id: scan
run: | run: |
trivy --server ${{ secrets.TRIVY_SERVER }} --token ${{ secrets.TRIVY_TOKEN }} image --format json docker.asperti.com/paspo/smtp-relay:latest > trivy-results.json trivy --server ${{ secrets.TRIVY_SERVER }} --token ${{ secrets.TRIVY_TOKEN }} image --format json ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest > trivy-results.json
# if some vulnerability is found, we fail # if some vulnerability is found, we fail
- name: check output - name: check output

13
manifest.tmpl
View File

@@ -1,13 +0,0 @@
image: docker.asperti.com/paspo/smtp-relay:latest
manifests:
-
image: docker.asperti.com/paspo/smtp-relay:latest-amd64
platform:
architecture: amd64
os: linux
-
image: docker.asperti.com/paspo/smtp-relay:latest-arm64
platform:
variant: v8
architecture: arm64
os: linux