feat: 👷 Update Docker dependencies for Docker actions #1437

Merged
merged 1 commit into from
Jul 28, 2024


@Anselmoo Anselmoo commented Jul 28, 2024

All PR-Submissions:


  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open
    Pull Requests for the same
    update/change?

New ✨✨ Feature-Submissions:


Changes to ⚙️ Core-Features:


  • Have you added an explanation of what your changes do and why you'd like
    us to include them?
  • Have you written new tests for your core changes, as applicable?
  • Have you successfully run tests with your changes locally?

Summary by Sourcery

This pull request updates the Docker dependencies and actions in the GitHub workflow for building and pushing Docker images. It includes revisions to the Docker build job, such as setting up QEMU, Docker Buildx, and logging into the GitHub Container Registry. Additionally, it adds steps for signing Docker images using Cosign with GitHub OIDC Token.

  • CI:
    • Updated Docker dependencies and actions in the GitHub workflow for building and pushing Docker images.
    • Revised the Docker build job to include steps for setting up QEMU, Docker Buildx, and logging into the GitHub Container Registry.
    • Added steps for signing Docker images using Cosign with GitHub OIDC Token.

@Anselmoo Anselmoo enabled auto-merge July 28, 2024 10:31
sourcery-ai bot commented Jul 28, 2024

Reviewer's Guide by Sourcery

This pull request updates the Docker dependencies and actions in the GitHub workflow file. The changes focus on updating the versions of various Docker-related actions, improving the build and push process, and enhancing the security of the image signing process.

File-Level Changes

Files Changes
.github/workflows/docker-cd.yml Updated Docker actions to newer versions, added QEMU setup, improved image build and push process, and enhanced image signing security.


@github-actions github-actions bot added the github-actions Pull requests that update Github_actions code label Jul 28, 2024

@sourcery-ai sourcery-ai bot left a comment


Hey @Anselmoo - I've reviewed your changes and they look great!

Here's what I looked at during the review
  • 🟡 General issues: 1 issue found
  • 🟡 Security: 1 issue found
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good


platforms: linux/amd64,linux/arm64
outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.description'] }}
platforms: linux/amd64,linux/arm/v7,linux/arm64
push: true
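Review bot: the `outputs:` line interpolates the image description from the metadata labels directly into a comma-separated exporter string, so a description that contains a comma would be split into extra exporter fields; confirm the description is comma-free or quote the value. `name=target` on the same line also reads like a placeholder, so please confirm it is the intended image name now that `push: true` follows it.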

🚨 suggestion (security): Consider the implications of always pushing images

The workflow now pushes images for all events, including PRs. This could potentially expose sensitive information or consume unnecessary resources. Consider adding a condition to push only for specific events or branches.

Suggested change
push: true
push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
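
How the suggested push condition interacts with the registry login and Cosign signing steps this PR describes, as an added example that is not the repository's docker-cd.yml. `<owner>/<image>` and `@<commit-sha>` are placeholders, and the step names and the `build` step id are assumptions.

```yaml
# Added example (job fragment), not the project's workflow file.
# Pull requests still build the image, but only pushes to main
# authenticate to the registry, push, and sign.
permissions:
  contents: read
  packages: write   # push to ghcr.io
  id-token: write   # GitHub OIDC token for keyless cosign signing

steps:
  - name: Log in to GHCR
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    uses: docker/login-action@<commit-sha>   # placeholder ref
    with:
      registry: ghcr.io
      username: ${{ github.actor }}
      password: ${{ secrets.GITHUB_TOKEN }}

  - name: Build and push container images
    id: build   # assumed id, used below to read the digest
    uses: docker/build-push-action@<commit-sha>   # placeholder ref
    with:
      context: .
      platforms: linux/amd64,linux/arm64
      # Same condition as the signing steps: nothing is signed
      # unless something was actually pushed.
      push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
      tags: ghcr.io/<owner>/<image>:latest   # placeholder image name

  - name: Install cosign
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    uses: sigstore/cosign-installer@<commit-sha>   # placeholder ref

  - name: Sign the pushed digest
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    env:
      # Sign the immutable digest reported by the build step, not a
      # mutable tag that could be re-pointed between push and sign.
      DIGEST: ${{ steps.build.outputs.digest }}
    run: cosign sign --yes "ghcr.io/<owner>/<image>@${DIGEST}"
```

If only `push:` is gated and the signing step is not, the sign step runs on pull requests with an empty digest and fails the job.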

# https://github.com/docker/build-push-action
- name: Build and push Docker image
- name: Build and Push container images
uses: docker/[email protected]

suggestion (performance): Re-evaluate the removal of build caching

The cache configuration has been removed from the build step. This could potentially slow down builds significantly. Consider re-implementing caching to improve build performance.

Suggested change
uses: docker/[email protected]
uses: docker/[email protected]
with:
cache-from: type=gha
cache-to: type=gha,mode=max


codecov bot commented Jul 28, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (48b394a) to head (ee91807).

Additional details and impacted files
@@            Coverage Diff            @@
##              main     #1437   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           44        44           
  Lines         4467      4467           
=========================================
  Hits          4467      4467           
Flag Coverage Δ
unittests 100.00% <ø> (ø)


@Anselmoo Anselmoo merged commit 5653896 into main Jul 28, 2024
49 checks passed
@Anselmoo Anselmoo deleted the feature/docker-sign branch July 28, 2024 10:39
Successfully merging this pull request may close these issues.

[Feature]: Update workflow of Container signing