Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
da120ee0be
|
|||
|
1673c569e6
|
|||
|
1aa9d6513c
|
40
.gitea/workflows/git-sync.yaml
Normal file
40
.gitea/workflows/git-sync.yaml
Normal file
@ -0,0 +1,40 @@
|
||||
name: git-sync-with-mirror
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ master ]
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
git-sync:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: git-sync
|
||||
env:
|
||||
git_sync_source_repo: git@git.fridu.us:heckyel/hyperbola-mirror.git
|
||||
git_sync_destination_repo: ssh://git@c.fridu.us/containers/hyperbola-mirror.git
|
||||
if: env.git_sync_source_repo && env.git_sync_destination_repo
|
||||
uses: astounds/git-sync@v1
|
||||
with:
|
||||
source_repo: git@git.fridu.us:heckyel/hyperbola-mirror.git
|
||||
source_branch: "master"
|
||||
destination_repo: ssh://git@c.fridu.us/containers/hyperbola-mirror.git
|
||||
destination_branch: "master"
|
||||
source_ssh_private_key: ${{ secrets.GIT_SYNC_SOURCE_SSH_PRIVATE_KEY }}
|
||||
destination_ssh_private_key: ${{ secrets.GIT_SYNC_DESTINATION_SSH_PRIVATE_KEY }}
|
||||
|
||||
- name: git-sync-sourcehut
|
||||
env:
|
||||
git_sync_source_repo: git@git.fridu.us:heckyel/hyperbola-mirror.git
|
||||
git_sync_destination_repo: git@git.sr.ht:~heckyel/hyperbola-mirror
|
||||
if: env.git_sync_source_repo && env.git_sync_destination_repo
|
||||
uses: astounds/git-sync@v1
|
||||
with:
|
||||
source_repo: git@git.fridu.us:heckyel/hyperbola-mirror.git
|
||||
source_branch: "master"
|
||||
destination_repo: git@git.sr.ht:~heckyel/hyperbola-mirror
|
||||
destination_branch: "master"
|
||||
source_ssh_private_key: ${{ secrets.GIT_SYNC_SOURCE_SSH_PRIVATE_KEY }}
|
||||
destination_ssh_private_key: ${{ secrets.GIT_SYNC_DESTINATION_SSH_PRIVATE_KEY }}
|
||||
continue-on-error: true
|
||||
@ -39,9 +39,18 @@ jobs:
|
||||
- name: Get Meta
|
||||
id: meta
|
||||
run: |
|
||||
set -e
|
||||
|
||||
# Obtain the latest tag without considering commit information
|
||||
LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null)
|
||||
COMMIT_HASH=$(git rev-parse --short HEAD)
|
||||
TAG_AT_HEAD=$(git describe --tags --exact-match 2>/dev/null)
|
||||
|
||||
# Obtain the short hash of the current commit
|
||||
COMMIT_HASH=$(git rev-parse --short HEAD 2>/dev/null)
|
||||
|
||||
# Check if the current commit is tagged exactly
|
||||
TAG_AT_HEAD=$(git describe --tags --exact-match 2>/dev/null || true)
|
||||
|
||||
# If the commit has a tag, use it as the final version, stripping the 'v' prefix if present
|
||||
if [ -n "$TAG_AT_HEAD" ]; then
|
||||
FINAL_VERSION=${TAG_AT_HEAD#v}
|
||||
else
|
||||
@ -51,6 +60,16 @@ jobs:
|
||||
FINAL_VERSION="${LATEST_TAG#v}-g${COMMIT_HASH}"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Error handling: Ensure that FINAL_VERSION is not empty
|
||||
if [ -z "$FINAL_VERSION" ]; then
|
||||
echo "Error: Unable to determine version." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Output the final version
|
||||
echo "Final Version: $FINAL_VERSION"
|
||||
|
||||
echo "IMAGE_VERSION=${FINAL_VERSION}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Build Docker image
|
||||
@ -69,14 +88,13 @@ jobs:
|
||||
${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:v${{ steps.meta.outputs.IMAGE_VERSION }}
|
||||
|
||||
- name: Run Trivy vulnerability scanner
|
||||
uses: aquasecurity/trivy-action@master
|
||||
uses: astounds/trivy-action@v1
|
||||
with:
|
||||
image-ref: ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:latest
|
||||
image: ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:latest
|
||||
severity: 'CRITICAL,HIGH'
|
||||
pkg-types: 'os'
|
||||
format: 'table'
|
||||
exit-code: '1'
|
||||
ignore-unfixed: true
|
||||
vuln-type: 'os'
|
||||
severity: 'CRITICAL,HIGH'
|
||||
|
||||
- name: Push Docker image
|
||||
uses: docker/build-push-action@v6
|
||||
|
||||
@ -4,12 +4,14 @@ RUN pacman -Syu --noconfirm && pacman -S --noconfirm \
|
||||
nginx rsync cronie util-linux findutils && \
|
||||
pacman -Scc --noconfirm
|
||||
|
||||
RUN mkdir /srv/repo
|
||||
# Create the /srv/repo directory to store repository data
|
||||
RUN mkdir -p /srv/repo
|
||||
|
||||
COPY entrypoint.bash /
|
||||
RUN chmod u+x /entrypoint.bash
|
||||
|
||||
# Define a mount point for the repository data
|
||||
VOLUME /srv/repo
|
||||
# Expose port 80 for the web server
|
||||
EXPOSE 80
|
||||
|
||||
ENTRYPOINT ["/entrypoint.bash"]
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user