Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: Update Docker actions to latest versions #1448

Merged
merged 2 commits into from
Jul 28, 2024

Conversation

Anselmoo
Copy link
Owner

@Anselmoo Anselmoo commented Jul 28, 2024

All PR-Submissions:


  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open
    Pull Requests for the same
    update/change?

New ✨✨ Feature-Submissions:


  • Does your submission pass tests?
  • Have you lint your code locally prior to submission? Fixed:
  • This PR is for a new feature, not a bug fix.

Changes to ⚙️ Core-Features:


  • Have you added an explanation of what your changes do and why you'd like
    us to include them?
  • Have you written new tests for your core changes, as applicable?
  • Have you successfully run tests with your changes locally?

Summary by Sourcery

This pull request updates the Docker actions used in the GitHub workflow configuration to their latest versions, ensuring compatibility and leveraging new features and improvements.

  • Build:
    • Updated Docker actions to their latest versions in the GitHub workflow configuration.

Copy link

Review changes with SemanticDiff.

Copy link
Contributor

sourcery-ai bot commented Jul 28, 2024

Reviewer's Guide by Sourcery

This pull request updates the Docker actions in the GitHub workflow file to their latest versions. The changes primarily involve upgrading the versions of various Docker-related actions to ensure compatibility and leverage new features or improvements.

File-Level Changes

Files Changes
.github/workflows/docker-cd.yml Updated various Docker-related actions to their latest versions and made minor adjustments to the workflow configuration.

Tips
  • Trigger a new Sourcery review by commenting @sourcery-ai review on the pull request.
  • Continue your discussion with Sourcery by replying directly to review comments.
  • You can change your review settings at any time by accessing your dashboard:
    • Enable or disable the Sourcery-generated pull request summary or reviewer's guide;
    • Change the review language;
  • You can always contact us if you have any questions or feedback.

@github-actions github-actions bot added github-actions Pull requests that update Github_actions code root labels Jul 28, 2024
@Anselmoo Anselmoo enabled auto-merge July 28, 2024 13:43
Copy link

Copy link
Contributor

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @Anselmoo - I've reviewed your changes - here's some feedback:

Overall Comments:

  • The removal of the comment about third-party actions reduces important information for users. Consider keeping or updating this notice.
  • The new comment '# cos' is unclear and doesn't provide any meaningful information. Please either remove it or replace it with a more descriptive comment.
Here's what I looked at during the review
  • 🟡 General issues: 2 issues found
  • 🟡 Security: 1 issue found
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment to tell me if it was helpful.

@@ -1,7 +1,6 @@
name: CD - Publish Docker image on ghcr.io

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# cos
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion: Clarify the meaning of 'cos' comment or restore original explanation

The original comment provided important context about third-party actions. Consider either expanding on what 'cos' means or restoring the original explanation for better clarity.

Suggested change
# cos
# This step is necessary because of third-party actions that require specific configurations

id: build-and-push
with:
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
cache-from: type=gha
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: Explain caching configuration and commented-out output line

The addition of caching is a good optimization. Could you explain the specific benefits of this caching configuration? Also, what's the intention behind the commented-out line for additional output configuration?

labels: ${{ steps.docker_meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
# outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=${{ fromJSON(steps.docker_meta.outputs.json).labels['org.opencontainers.image.description'] }}

# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
- name: Sign image with a key
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚨 question (security): Provide more details about the image signing process

Adding image signing is a good security practice. Could you provide more information about how this signing process is implemented and what key is being used?

Copy link

codecov bot commented Jul 28, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (2cfd905) to head (c43a011).

Additional details and impacted files
@@            Coverage Diff            @@
##              main     #1448   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           44        44           
  Lines         4467      4467           
=========================================
  Hits          4467      4467           
Flag Coverage Δ
unittests 100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@Anselmoo Anselmoo merged commit 402ae0b into main Jul 28, 2024
48 checks passed
@Anselmoo Anselmoo deleted the feature/docker-signing-fix branch July 28, 2024 13:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
github-actions Pull requests that update Github_actions code root
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant