switched from drone to gitea actions

This commit is contained in:
2025-06-11 23:08:40 +02:00
parent 00868d66cc
commit 8550f0c91c
3 changed files with 146 additions and 114 deletions


@@ -1,114 +0,0 @@
def main(ctx):
archs = ["amd64" ]
flavours = [ "sqlite3", "mysql" ]
upstream_versions = [ "6.0", "7.0" ]
out = []
for flavour in flavours:
for ver in upstream_versions:
for arch in archs:
out += pipeline(flavour, arch, ver)
out += manifest(flavour, ver, archs)
return out
def pipeline(flavour, arch, ver):
out = [{
"kind": "pipeline",
"type": "docker",
"name": "zabbix-proxy-%s-%s-%s" % (flavour, ver, arch),
"platform": {
"arch": arch,
"os": "linux",
},
"steps": [{
"name": "build_on_push",
"image": "plugins/docker:linux-%s" % (arch),
"settings": {
"context": "src",
"dockerfile": "src/Dockerfile-%s" % (ver),
"build_args": [
"UPSTREAM_FLAVOUR=" + flavour,
"UPSTREAM_VERSION=" + ver
],
"username": {
"from_secret": "docker_username",
},
"password": {
"from_secret": "docker_password",
},
"registry": "docker.asperti.com",
"repo": "docker.asperti.com/paspo/zabbix-proxy-%s-mssql" % (flavour),
"tags": [
"%s-%s" % (ver, arch)
],
"auto_tag": False,
"force_tag": True,
"daemon_off": False,
},
}],
"trigger": {
"ref": [
"refs/heads/master",
"refs/tags/**",
],
}
}]
return out
def manifest(flavour, ver, archs):
commands = [
'echo "image: docker.asperti.com/paspo/zabbix-proxy-%s-mssql:%s" >> manifest-%s.tmpl' % (flavour, ver, flavour),
'echo "manifests:" >> manifest-%s.tmpl' % (flavour),
'echo "- image: docker.asperti.com/paspo/zabbix-proxy-%s-mssql:%s-amd64" >> manifest-%s.tmpl' % (flavour, ver, flavour),
'echo " platform:" >> manifest-%s.tmpl' % (flavour),
'echo " architecture: amd64" >> manifest-%s.tmpl' % (flavour),
'echo " os: linux" >> manifest-%s.tmpl' % (flavour),
'echo "- image: docker.asperti.com/paspo/zabbix-proxy-%s-mssql:%s-arm64" >> manifest-%s.tmpl' % (flavour, ver, flavour),
'echo " platform:" >> manifest-%s.tmpl' % (flavour),
'echo " architecture: arm64" >> manifest-%s.tmpl' % (flavour),
'echo " variant: v8" >> manifest-%s.tmpl' % (flavour),
'echo " os: linux" >> manifest-%s.tmpl' % (flavour),
'echo "- image: docker.asperti.com/paspo/zabbix-proxy-%s-mssql:%s-arm" >> manifest-%s.tmpl' % (flavour, ver, flavour),
'echo " platform:" >> manifest-%s.tmpl' % (flavour),
'echo " architecture: arm" >> manifest-%s.tmpl' % (flavour),
'echo " variant: v7" >> manifest-%s.tmpl' % (flavour),
'echo " os: linux" >> manifest-%s.tmpl' % (flavour),
]
return [{
"kind": "pipeline",
"type": "docker",
"name": "manifest-%s-%s" % (flavour, ver),
"platform": {
"arch": archs[0],
"os": "linux",
},
"steps": [{
"name": "generate",
"image": "alpine",
"commands": commands,
},{
"name": "manifest",
"image": "plugins/manifest",
"settings": {
"spec": "manifest-%s.tmpl" % (flavour),
"username": {
"from_secret": "docker_username",
},
"password": {
"from_secret": "docker_password",
},
"tags": [
ver
],
"ignore_missing": True,
"force_tag": True,
},
}],
"trigger": {
"ref": [
"refs/heads/master",
"refs/tags/**",
],
},
"depends_on": ["zabbix-proxy-%s-%s-%s" % (flavour, ver, arch) for arch in archs]
}]


@@ -0,0 +1,80 @@
---
name: Container Publish
env:
REGISTRY: docker.asperti.com
REPOSITORY: paspo/zabbix-proxy
on:
push:
tags:
- '*'
schedule:
- cron: "0 12 3 * *"
workflow_dispatch:
workflow_call:
workflow_run:
workflows: [vulnscan.yaml]
types: [completed]
jobs:
on-success-skip:
runs-on:
labels: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' }}
steps:
- run: exit_with_success
build-image:
runs-on:
labels: [ubuntu-latest, "arch-${{ matrix.arch }}"]
container:
image: catthehacker/ubuntu:act-latest
strategy:
matrix:
arch: [amd64, arm64]
flavour: [sqlite3, mysql]
ver: ["6.0", "7.0"]
steps:
- uses: actions/checkout@v4
- name: Login to registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Build and publish
run: |
docker build \
--tag ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-${{ matrix.arch }} \
--build-arg UPSTREAM_FLAVOUR=${{ matrix.flavour }} \
--build-arg UPSTREAM_VERSION=${{ matrix.ver }} \
--platform linux/${{ matrix.arch }} -f src/Dockerfile-${{ matrix.ver }} .
docker push ${{ env.REGISTRY }}/${{ env.REPOSITORY }}-${{ matrix.flavour }}-mssql:${{ matrix.ver }}-${{ matrix.arch }}
manifest:
name: update docker manifest
needs: build-image
runs-on: ubuntu-latest
container:
image: catthehacker/ubuntu:act-latest
steps:
- name: Login to registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: latest
run: |
docker manifest create \
${{ env.REGISTRY }}/${{ env.REPOSITORY }}-${{ matrix.flavour }}-mssql:${{ matrix.ver }} \
--amend ${{ env.REGISTRY }}/${{ env.REPOSITORY }}-${{ matrix.flavour }}-mssql:${{ matrix.ver }}-amd64 \
--amend ${{ env.REGISTRY }}/${{ env.REPOSITORY }}-${{ matrix.flavour }}-mssql:${{ matrix.ver }}-arm64
docker manifest push ${{ env.REGISTRY }}/${{ env.REPOSITORY }}-${{ matrix.flavour }}-mssql:${{ matrix.ver }}
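Review bot: The image built by the `docker build` line is tagged `${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-${{ matrix.arch }}`, but the `docker push` line pushes `${{ env.REGISTRY }}/${{ env.REPOSITORY }}-${{ matrix.flavour }}-mssql:${{ matrix.ver }}-${{ matrix.arch }}`, a reference this job never built, so the push either fails or ships whatever stale image happens to carry that tag on the runner; the build line should read `--tag ${{ env.REGISTRY }}/${{ env.REPOSITORY }}-${{ matrix.flavour }}-mssql:${{ matrix.ver }}-${{ matrix.arch }} \`. The `manifest` job interpolates `matrix.flavour` and `matrix.ver` without declaring a `strategy.matrix`, so those expressions expand to empty strings and the manifest name becomes `…/zabbix-proxy--mssql:`; it needs the same `flavour`/`ver` matrix as `build-image`. This file is triggered by `workflow_run` on `vulnscan.yaml` while the vulnscan workflow in the same commit is triggered by `workflow_run` on `build_and_publish.yaml`, and `on-success-skip` does not gate `build-image` through `needs`, so the two workflows could re-trigger each other on every completion — if the intent is to rebuild only after a failed scan, the conclusion check belongs in `build-image`'s own `if:`. `docker/login-action@v3` is a mutable tag; pinning the action that receives `REGISTRY_USER`/`REGISTRY_TOKEN` to a commit SHA is the usual hardening.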


@@ -0,0 +1,66 @@
---
name: Vulnerability Scan
env:
REGISTRY: docker.asperti.com
REPOSITORY: paspo/zabbix-proxy
on:
schedule:
- cron: "0 14 * * *"
workflow_dispatch:
workflow_call:
workflow_run:
workflows: [build_and_publish.yaml]
types: [completed]
jobs:
scan:
name: Daily Vulnerability Scan
runs-on:
labels: [ubuntu-latest, "arch-${{ matrix.arch }}"]
container:
image: catthehacker/ubuntu:act-latest
strategy:
matrix:
arch: [amd64, arm64]
flavour: [sqlite3, mysql]
ver: ["6.0", "7.0"]
steps:
- name: Pull docker image
run: docker pull ${{ env.REGISTRY }}/${{ env.REPOSITORY }}-${{ matrix.flavour }}-mssql:${{ matrix.ver }}
- name: Setup trivy
run: |
echo "Installing Trivy for arch: $(uname -m)"
case $(uname -m) in
x86_64)
wget -O /tmp/trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.58.2/trivy_0.58.2_Linux-64bit.deb ;;
aarch64)
wget -O /tmp/trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.58.2/trivy_0.58.2_Linux-ARM64.deb ;;
*) exit 1 ;;
esac
dpkg -i /tmp/trivy.deb
- name: Run Trivy vulnerability scanner
id: scan
run: |
trivy --server ${{ secrets.TRIVY_SERVER }} --token ${{ secrets.TRIVY_TOKEN }} image --format json ${{ env.REGISTRY }}/${{ env.REPOSITORY }}-${{ matrix.flavour }}-mssql:${{ matrix.ver }} > trivy-results.json
# if some vulnerability is found, we fail
- name: check output
id: vulncount
run: |
echo "VULNCOUNT=$(jq '.Results[0].Vulnerabilities|length' trivy-results.json)" >> ${GITHUB_OUTPUT}
if [ $(jq '.Results[0].Vulnerabilities|length' trivy-results.json) -ne "0" ] ; then exit 1 ; fi
- name: send telegram notification
if: failure()
uses: appleboy/telegram-action@master
with:
to: ${{ secrets.TELEGRAM_TO }}
token: ${{ secrets.TELEGRAM_TOKEN }}
format: markdown
message: |
Found **${{ steps.vulncount.outputs.VULNCOUNT }}** vulnerabilities in `${{ github.repository }}`
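Review bot: The gate in the `check output` step counts only `.Results[0].Vulnerabilities`, but a Trivy JSON report carries one `Results` entry per scanned target (the OS package set plus each detected language ecosystem), so findings outside the first entry never fail the job or reach the notification; count across all entries with `jq '[.Results[]?.Vulnerabilities // [] | length] | add // 0'` in both the `VULNCOUNT` line and the `if` test. `appleboy/telegram-action@master` floats on a branch and is handed `secrets.TELEGRAM_TOKEN`; pin it to a release tag or, better, a commit SHA. The Trivy `.deb` is version-pinned but installed with `dpkg -i` straight after `wget` with no digest check — verifying it against the checksum file published with that release (or a digest recorded in this repository) closes the download-tampering gap. `${{ secrets.TRIVY_SERVER }}` and `${{ secrets.TRIVY_TOKEN }}` are interpolated directly into the shell line; passing them via the step's `env:` and referencing `"$TRIVY_SERVER"`/`"$TRIVY_TOKEN"` keeps the values out of the script text and avoids word-splitting.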