Merge pull request #1016 from ericcornelissen/dependabot/npm_and_yarn… #89

Summary
Jobs
- Check
- Git
- Docker Hub
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/publish.yml at ac95ae7

	name: Publish
	on:
	push:
	branches:
	- main

	permissions: read-all

	jobs:
	check:
	name: Check
	runs-on: ubuntu-24.04
	outputs:
	released: ${{ steps.version.outputs.released }}
	version: ${{ steps.version.outputs.version }}
	steps:
	- name: Checkout repository
	uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
	with:
	fetch-depth: 0 # To fetch all tags
	persist-credentials: false
	- name: Check released
	id: version
	run: \|
	VERSION="$(grep 'version=' < Containerfile \| awk -F'"' '{print $2}')"
	echo "version=v${VERSION}" >> "${GITHUB_OUTPUT}"
	if [ -n "$(git tag --list "v${VERSION}")" ]; then
	echo 'released=true' >> "${GITHUB_OUTPUT}"
	else
	echo 'released=false' >> "${GITHUB_OUTPUT}"
	fi
	git:
	name: Git
	runs-on: ubuntu-24.04
	if: ${{ needs.check.outputs.released == 'false' }}
	permissions:
	contents: write # To push a branch
	needs:
	- check
	steps:
	- name: Checkout repository
	uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
	with:
	fetch-depth: 0
	- name: Get major version
	uses: actions/github-script@e69ef5462fd455e02edcaf4dd7708eda96b9eda0 # v7.0.0
	id: version
	env:
	VERSION: ${{ needs.check.outputs.version }}
	with:
	result-encoding: string
	script: \|
	const version = `${process.env.VERSION}`
	const major = version.replace(/\.\d+\.\d+$/, "")
	return major
	- name: Create release tag
	env:
	VERSION: ${{ needs.check.outputs.version }}
	run: \|
	git tag "${VERSION}"
	git push origin "${VERSION}"
	- name: Update major version branch
	env:
	MAJOR_VERSION: ${{ steps.version.outputs.result }}
	run: git push origin "HEAD:${MAJOR_VERSION}"
	docker-hub:
	name: Docker Hub
	runs-on: ubuntu-24.04
	if: ${{ needs.check.outputs.released == 'false' }}
	permissions:
	id-token: write # To perform keyless signing with cosign
	environment:
	name: docker
	url: https://hub.docker.com/r/ericornelissen/js-re-scan
	needs:
	- check
	steps:
	- name: Checkout repository
	uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
	with:
	persist-credentials: false
	- name: Get cosign version
	id: versions
	run: \|
	COSIGN_VERSION="$(grep cosign < .tool-versions \| awk '{print $2}')"
	echo "cosign=${COSIGN_VERSION}" >> "${GITHUB_OUTPUT}"
	- name: Install cosign
	uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
	with:
	cosign-release: v${{ steps.versions.outputs.cosign }}
	- name: Log in to Docker Hub
	uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
	with:
	username: ${{ vars.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}
	- name: Build and push to Docker Hub
	id: docker_hub
	uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
	with:
	context: .
	file: Containerfile
	push: true
	tags: >-
	ericornelissen/js-re-scan:latest,
	ericornelissen/js-re-scan:${{ needs.check.outputs.version }}
	- name: Sign container image
	env:
	IMAGE_DIGEST: ${{ steps.docker_hub.outputs.digest }}
	REF: ${{ github.sha }}
	REPO: ${{ github.repository }}
	WORKFLOW: ${{ github.workflow }}
	run: \|
	cosign sign --yes \
	-a "repo=${REPO}" \
	-a "workflow=${WORKFLOW}" \
	-a "ref=${REF}" \
	"docker.io/ericornelissen/js-re-scan@${IMAGE_DIGEST}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #1016 from ericcornelissen/dependabot/npm_and_yarn… #89

Workflow file

Merge pull request #1016 from ericcornelissen/dependabot/npm_and_yarn… #89

Jobs

Run details

Workflow file for this run