Skip to content
Docker

Docker #128

Sign in to view logs

Docker

Docker #128

Workflow file for this run

.github/workflows/docker.yml at 9de1190
###############################################################################
# _ _ _ _ _____ _
# | | | | | | | | | __ \(_)
# | | ___ | |__ _ __ | |_| |__ ___ | |__) |_ _ __ _ __ ___ _ __
# _ | |/ _ \| '_ \| '_ \ | __| '_ \ / _ \ | _ /| | '_ \| '_ \ / _ \ '__|
# | |__| | (_) | | | | | | | | |_| | | | __/ | | \ \| | |_) | |_) | __/ |
# \____/ \___/|_| |_|_| |_| \__|_| |_|\___| |_| \_\_| .__/| .__/ \___|_|
# | | | |
# |_| |_|
#
# Copyright (c) 2021-2023 Claudio André <claudioandre.br at gmail.com>
#
# This program comes with ABSOLUTELY NO WARRANTY; express or implied.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, as expressed in version 2, seen at
# http://www.gnu.org/licenses/gpl-2.0.html
###############################################################################
# GitHub Action to build John the Ripper's Docker image
# More info at https://github.com/openwall/john-packages
---
name: Docker
"on":
workflow_dispatch:
inputs:
release:
description: "Is it a release build (needs a git checkout)?"
required: true
type: boolean
default: false
hash:
description: "The commit hash to be used"
required: false
#TODO: edit before release (JUMBO_RELEASE)
default: "f9fedd238b0b1d69181c1fef033b85c787e96e57"
VERSION_NAME:
description: "The software version name"
required: true
default: "1.9.0-jumbo-1+"
tag:
description: "The image tag"
required: true
default: "latest" #TODO: edit before release (JUMBO_RELEASE) rolling
push:
description: "Push the resulting image to Docker registry?"
required: true
type: boolean
default: true
env:
REPO: ghcr.io/${{ github.repository_owner }}/john
permissions:
contents: read
jobs:
build:
name: Build Docker image
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
outputs:
image: ${{ env.REPO }}:${{ github.event.inputs.tag }}
digest: ${{ steps.build-and-push.outputs.digest }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
archive.ubuntu.com:80
auth.docker.io:443
developer.download.nvidia.com:443
ghcr.io:443
github.com:443
ports.ubuntu.com:80
production.cloudflare.docker.com:443
raw.githubusercontent.com:443
registry-1.docker.io:443
security.ubuntu.com:80
- name: Check out the repo
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: Get data
id: data
run: |
#TODO: edit before release (JUMBO_RELEASE)
{
echo "now=$(date -u)"
echo "revision=$(git rev-parse --short=7 HEAD 2>/dev/null)"
echo "version=1.9.$(date +%Y%m%d)"
} >> "$GITHUB_OUTPUT"
- name: Docker meta
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
images: ${{ env.REPO }}:${{ github.event.inputs.tag }}
labels: |
org.opencontainers.image.authors="Claudio André <claudioandre.br at gmail com>"
software="John the Ripper ${{ github.event.inputs.VERSION_NAME }}"
org.opencontainers.image.description="John the Ripper is an Open Source password security auditing and password recovery tool. See https://www.openwall.com/john/"
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
- name: Log in to GitHub Container Registry
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build container image
id: build-and-push
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: "${{ github.workspace }}/deploy/docker"
platforms: linux/amd64 #,linux/arm64
push: ${{ github.event.inputs.push }}
build-args: |
RELEASE="${{ github.event.inputs.release }}"
COMMIT="${{ github.event.inputs.hash }}"
tags: |
${{ env.REPO }}:${{ github.event.inputs.tag }}
${{ env.REPO }}:${{ github.event.inputs.tag }}_J${{ github.run_number }}
${{ env.REPO }}:${{ github.event.inputs.tag }}_${{ steps.data.outputs.version }}
labels: |
${{ steps.meta.outputs.labels }}
outputs: "type=image,name=target,\
annotation-index.software=John the Ripper ${{ github.event.inputs.VERSION_NAME }},\
annotation-index.org.opencontainers.image.authors=Claudio André <claudioandre.br at gmail com>,\
annotation-index.org.opencontainers.image.created=${{ steps.data.outputs.now }},\
annotation-index.org.opencontainers.image.description=John the Ripper is an Open Source password security auditing and password recovery tool. See https://www.openwall.com/john/,\
annotation-index.org.opencontainers.image.licenses=GPL-2.0,\
annotation-index.org.opencontainers.image.revision=${{ steps.data.outputs.revision }},\
annotation-index.org.opencontainers.image.source=https://github.com/openwall/john-packages.git,\
annotation-index.org.opencontainers.image.title=John the Ripper CE Auditing Tool,\
annotation-index.org.opencontainers.image.url=https://www.openwall.com/john,\
annotation-index.org.opencontainers.image.vendor=Openwall,\
annotation-index.org.opencontainers.image.version=${{ steps.data.outputs.version }}"
provenance:
if: ${{ github.event.inputs.push == 'true' }}
needs: [build]
permissions:
actions: read # for detecting the GitHub Actions environment.
id-token: write # for creating OIDC tokens for signing.
packages: write # for uploading attestations.
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
image: ${{ needs.build.outputs.image }}
digest: ${{ needs.build.outputs.digest }}
registry-username: ${{ github.actor }}
secrets:
registry-password: ${{ secrets.GITHUB_TOKEN }}