Skip to content

FSL - link to ghcr

FSL - link to ghcr #69

Workflow file for this run

---
name: main
on:
push:
pull_request:
workflow_dispatch:
# schedule:
# - cron: "0 6 * * *"
defaults:
run:
shell: bash
jobs:
containers:
runs-on: ubuntu-22.04
strategy:
matrix:
package: ["FSL", "Freesurfer"]
steps:
- name: checkout
uses: actions/checkout@v4
with:
fetch-depth: 2
- name: skip if unchanged
run: |
set -euxo pipefail
SKIP=0
if ! git diff --name-only HEAD^ | grep "software/${{ matrix.package }}" | grep -v README > /dev/null
then
SKIP=1
fi
echo "SKIP=$SKIP" >> "$GITHUB_ENV"
- name: free disk space
if: env.SKIP == '0'
run: |
set -euxo pipefail
df -h
sudo rm -rf /usr/share/dotnet
sudo rm -rf /usr/local/lib/android
sudo rm -rf /usr/local/share/boost
sudo rm -rf /opt/ghc
sudo rm -rf "$AGENT_TOOLSDIRECTORY"
df -h
- name: build image
if: env.SKIP == '0'
run: |
set -euxo pipefail
package="${{ matrix.package }}"
cd "software/$package"
img="ghcr.io/smi/${package,,}"
tag="$(grep _VERSION= Dockerfile | cut -d'"' -f2)"
docker build . --tag "$img:$tag"
docker tag "$img:$tag" "$img:latest"
echo "img=$img" >> "$GITHUB_ENV"
echo "tag=$tag" >> "$GITHUB_ENV"
- name: run trivy
if: env.SKIP == '0'
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ env.img }}:${{ env.tag }}"
format: 'github'
output: 'dependency-results.sbom.json'
github-pat: "${{ secrets.GITHUB_TOKEN }}"
severity: 'MEDIUM,CRITICAL,HIGH'
scanners: "vuln"
- name: upload trivy report
if: env.SKIP == '0' && !cancelled()
uses: actions/upload-artifact@v4
with:
name: 'trivy-sbom-report-${{ matrix.package }}'
path: 'dependency-results.sbom.json'
- name: push image
if: env.SKIP == '0' && github.ref == 'refs/heads/main'
run: |
set -euxo pipefail
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
docker push "$img:$tag"
docker push "$img:latest"